Page-Setup-Authentication Settings

Modified on 05/15/2017 07:10 AM by Administrator — Categorized as: Uncategorized

Authentication Settings

Control how users access your calendar site via a user ID and password. By default user accounts are created and managed in Event Publisher. However, Event Publisher supports creation and management of users from external sources via SAML. Users can be authenticated via one of three ways:



Top

Site Authentication

This area allows for you to control how you will manage users logging in to your Event Publisher.


Image of authentication options for Event Publisher and SAML authentication.

You can choose from two options:


Top

Event Publisher

Selecting this check box will allow for users to create an manage their user account via Event Publisher.


Accounts created using Event Publisher will not be managed by your external identity provider.

Top

SAML Identity Provider

Selecting this check box will allow for users to access Event Publisher using an external account managed by your identity provider.


You will manage their administrative permissions and roles via Event Publisher.

Top

Both Event Publisher and SAML Authentication

Your calendar can be configured to allow for both Event Publisher and SAML Identity Provider Authentication. This allows for:



Top

User Accounts in Event Publisher

The first time that you sign into the site, you will be added as a visitor profile.


Your calendar administrator will need to assign you the appropriate roles in the application. Group permissions can be used to set the default level of permission, which is discussed below. Additionally, when assigning roles to externally authenticated users in Event Publisher you will search for, create, and modify users via the email address associated to the user.

Top

SAML Configuration

When using SAML, you will need to specify a number of fields to allow Event Publisher to communicate with your Identity Provider. The following Fields will need to be configured:


Image of all attributes that need to be specified when configuring SAML

Top

SAML Attributes

This area defines the default information required to create and authenticate a user in Event Publisher. This information is provided to Event Publisher from the SAML Identity Provider.


Top

Site Settings

This area controls Single Sign Out, and the default permissions applied to SAML authenticated users.


Important note for Multi-Site calendars: This settings is specific to each site, meaning if you have 3 calendar sites, you will need to select the radio option for all 3 sites invdividually. You will need to navigate to each calendar site to do so.
Image of Site Permissions
Top

Enable Single Sign Out

Selecting this radio option will enable SAML External Authorization during the "Sign out" process.


This option is only selectable once you have enabled "Single Sign-On". Please note, not all authorization methods support nor require single sign out.

Top

Default Permissions

This area allows you to control the level of permissions that SAML authenticated users will have once authenticated (signed in).


You can choose to use a group to control permissions, which allows for the greatest level of control.

Top

Apply Group Permissions for authenticated users

Selecting this radio option will enable SAML External Authorization to apply permissions to a user based upon the permissions of a specific group.


Use this option if you would like to have the most control over the dfeautl permissions applied SAML authenticated users.
Apply group permissions for authenticated users.

When selected, the group access panel will be exposed, and show you a list of availble groups to be applied to the SAML authenticated users.

view groups

To select a group, click the "Add" link displayed to the right of the group name.

Select a group.

To view the permissions assigned to the group, click the chevron icon to the left of the group name.

View permissions of a group.

If a user is granted a greater level of permissions via settings > users, the highest level of individual permissions will be applied. See for more information


This setting can be used to allow SAML users to act as administrative users, havign the ability to modify, publish, and delete all events, as well as have access to site and system settings.

Top

Apply Permission to view private events for authenticated users

Selecting this radio option will enable SAML External Authorization to provide access to private calendar sites, as well as the ability to view private events on public calendars.

Apply group permissions for authenticated users.
Top

Do not apply permissions and manage user permissions individually

Selecting this radio option will default the SAML authenticated user to have the same permissions as a Visitor Profile.


They will not be able to submit events unless public event submission has been enabled in site management. They will not have access to private calendar sites, or the ability to view private events on public calendars.
Apply group permissions for authenticated users.


Top

SAML Activation

To begin using SAML as your user authentication mechanism, you must click save at the bottom of the page.

Image of Save Control on SAML setup page.
Top

View your metadata

Viewing this link will open in a new window an xml file of the metadata being provided by Event Publisher.


View MetaData
You will provide this information to your identity provider, this file contains all of the information required to configure SSO with you Identity provider. This link will not be visible until you have completed the setup of your SAML configuration.

Top
Authentication Settings==

Control how users access your calendar site via a user ID and password. By default user accounts are created and managed in Event Publisher. However, Event Publisher supports creation and management of users from external sources via SAML. Users can be authenticated via one of three ways:



Top

Site Authentication

This area allows for you to control how you will manage users logging in to your Event Publisher.


Image of authentication options for Event Publisher and SAML authentication.

You can choose from two options:


Top

Event Publisher

Selecting this check box will allow for users to create an manage their user account via Event Publisher.


Accounts created using Event Publisher will not be managed by your external identity provider.

Top

SAML Identity Provider

Selecting this check box will allow for users to access Event Publisher using an external account managed by your identity provider.


You will manage their administrative permissions and roles via Event Publisher.

Top

Both Event Publisher and SAML Authentication

Your calendar can be configured to allow for both Event Publisher and SAML Identity Provider Authentication. This allows for:



Top

User Accounts in Event Publisher

The first time that you sign into the site, you will be added as a visitor profile.


Your calendar administrator will need to assign you the appropriate roles in the application. Group permissions can be used to set the default level of permission, which is discussed below. Additionally, when assigning roles to externally authenticated users in Event Publisher you will search for, create, and modify users via the email address associated to the user.

Top

SAML Configuration

When using SAML, you will need to specify a number of fields to allow Event Publisher to communicate with your Identity Provider. The following Fields will need to be configured:


Image of all attributes that need to be specified when configuring SAML

Top

SAML Attributes

This area defines the default information required to create and authenticate a user in Event Publisher. This information is provided to Event Publisher from the SAML Identity Provider.


Top

Site Settings

This area controls Single Sign Out, and the default permissions applied to SAML authenticated users.


Important note for Multi-Site calendars: This settings is specific to each site, meaning if you have 3 calendar sites, you will need to select the radio option for all 3 sites invdividually. You will need to navigate to each calendar site to do so.
Image of Site Permissions
Top

Enable Single Sign Out

Selecting this radio option will enable SAML External Authorization during the "Sign out" process.


This option is only selectable once you have enabled "Single Sign-On". Please note, not all authorization methods support nor require single sign out.

Top

Default Permissions

This area allows you to control the level of permissions that SAML authenticated users will have once authenticated (signed in).


You can choose to use a group to control permissions, which allows for the greatest level of control.

Top

Apply Group Permissions for authenticated users

Selecting this radio option will enable SAML External Authorization to apply permissions to a user based upon the permissions of a specific group.


Use this option if you would like to have the most control over the dfeautl permissions applied SAML authenticated users.
Apply group permissions for authenticated users.

When selected, the group access panel will be exposed, and show you a list of availble groups to be applied to the SAML authenticated users.

view groups

To select a group, click the "Add" link displayed to the right of the group name.

Select a group.

To view the permissions assigned to the group, click the chevron icon to the left of the group name.

View permissions of a group.

If a user is granted a greater level of permissions via settings > users, the highest level of individual permissions will be applied. See for more information


This setting can be used to allow SAML users to act as administrative users, havign the ability to modify, publish, and delete all events, as well as have access to site and system settings.

Top

Apply Permission to view private events for authenticated users

Selecting this radio option will enable SAML External Authorization to provide access to private calendar sites, as well as the ability to view private events on public calendars.

Apply group permissions for authenticated users.
Top

Do not apply permissions and manage user permissions individually

Selecting this radio option will default the SAML authenticated user to have the same permissions as a Visitor Profile.


They will not be able to submit events unless public event submission has been enabled in site management. They will not have access to private calendar sites, or the ability to view private events on public calendars.
Apply group permissions for authenticated users.


Top

SAML Activation

To begin using SAML as your user authentication mechanism, you must click save at the bottom of the page.

Image of Save Control on SAML setup page.
Top

View your metadata

Viewing this link will open in a new window an xml file of the metadata being provided by Event Publisher.


View MetaData
You will provide this information to your identity provider, this file contains all of the information required to configure SSO with you Identity provider. This link will not be visible until you have completed the setup of your SAML configuration.

Location of view metadata URL link.


Top