SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs

SAML SSO establishes a Circle of Trust (CoT) by exchanging metadata and certificates as part of the provisioning process between the IdP and the Service Provider. The Service Provider trusts the IdP's user information to grant access to the various services or applications. Service providers are no longer involved in authentication: SAML 2.0 delegates authentication away from the service providers and to the IdPs.

Important: The client authenticates against the IdP, and the IdP grants an Assertion to the client. The client presents the Assertion to the Service Provider. Because a CoT is established, the Service Provider trusts the Assertion and grants access to the client.

Single Sign-on Single Service Provider Agreement

Single sign-on allows you to access multiple Cisco collaboration applications after logging on to one of them. In releases earlier than Unified Communications Manager Release 11.5, when administrators enabled SSO, each cluster node generated its own service provider metadata (SP metadata) file with a URL and a certificate. Each generated file had to be uploaded separately to the Identity Provider (IdP) server. Because the IdP server treated each such SAML exchange as a separate agreement, the number of agreements created was equal to the number of nodes in the cluster. To improve the user experience and to reduce the total cost of the solution for large deployments, this release supports a single SAML agreement for a Unified Communications Manager cluster (Unified Communications Manager and Instant Messaging and Presence (IM and Presence)).

SAML-Based SSO Features

Enabling SAML SSO provides several advantages:

• It reduces password fatigue by removing the need to enter different user name and password combinations.
• It transfers authentication from the system that hosts the applications to a third-party system. Using SAML SSO, you create a circle of trust between an IdP and a service provider; the service provider trusts and relies on the IdP to authenticate users.
• It protects and secures authentication information. It provides encryption functions to protect authentication information passed between the IdP, service provider, and user. SAML SSO can also hide authentication messages passed between the IdP and the service provider from any external user.
• It improves productivity because you spend less time re-entering credentials for the same identity.
• It reduces costs because fewer help desk calls are made for password resets.

Basic Elements of a SAML SSO Solution

• Client (the user's client): This is a browser-based client or a client that can leverage a browser instance for authentication. For example, a system administrator's browser.
• Service provider: This is the application or service that the client is trying to access. For example, Unified Communications Manager.
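The trust flow described above (IdP authenticates the client, issues a signed Assertion, and the Service Provider accepts it only because the IdP's certificate was exchanged during provisioning) can be shown with a small simulation. The following Go program is an added example, not code from the Cisco guide or from Unified Communications Manager. It is a deliberate simplification: the assertion is JSON rather than SAML XML, the field names and entityIDs are assumptions, and the signature is PKCS#1 v1.5 over a SHA-256 digest rather than XML-DSig. What it keeps is the part that matters for the Circle of Trust: the SP holds no user credentials, it only holds the IdP certificate imported from metadata, and it checks issuer, signature, audience and validity window before granting access.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"math/big"
	"time"
)

// Assertion is a constructed stand-in for a SAML 2.0 Assertion (field names are assumptions).
type Assertion struct {
	Issuer       string    `json:"issuer"`       // IdP entityID
	Subject      string    `json:"subject"`      // authenticated user
	Audience     string    `json:"audience"`     // SP entityID the assertion is intended for
	NotOnOrAfter time.Time `json:"notOnOrAfter"` // validity limit
}

// SignedAssertion is the serialized assertion plus the IdP's signature over it.
type SignedAssertion struct {
	Payload, Signature []byte
}

// IdP holds the signing key whose certificate it publishes in its metadata.
type IdP struct {
	EntityID string
	key      *rsa.PrivateKey
	Cert     *x509.Certificate
}

// SP keeps a trust store that is filled from IdP metadata during provisioning.
type SP struct {
	EntityID    string
	trustedIdPs map[string]*x509.Certificate
}

// NewIdP creates an IdP with a fresh self-signed signing certificate.
func NewIdP(entityID string) *IdP {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // example code: no way to continue without a signing key
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced one line above, parse cannot fail
	return &IdP{EntityID: entityID, key: key, Cert: cert}
}

func NewSP(entityID string) *SP {
	return &SP{EntityID: entityID, trustedIdPs: map[string]*x509.Certificate{}}
}

// TrustIdP models the metadata exchange: importing the IdP certificate is what establishes the CoT on the SP side.
func (sp *SP) TrustIdP(idp *IdP) { sp.trustedIdPs[idp.EntityID] = idp.Cert }

// IssueAssertion is what the IdP does once it has authenticated the user itself.
func (idp *IdP) IssueAssertion(subject, audience string, ttl time.Duration) (SignedAssertion, error) {
	a := Assertion{Issuer: idp.EntityID, Subject: subject, Audience: audience, NotOnOrAfter: time.Now().Add(ttl)}
	payload, _ := json.Marshal(a) // plain strings and a time.Time, cannot fail
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, idp.key, crypto.SHA256, digest[:])
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Payload: payload, Signature: sig}, nil
}

// AcceptAssertion is the SP side: it never sees a password, it only checks that a trusted IdP signed the assertion and that it is for this SP and still valid.
func (sp *SP) AcceptAssertion(sa SignedAssertion, now time.Time) (string, error) {
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return "", err
	}
	cert, ok := sp.trustedIdPs[a.Issuer]
	if !ok {
		return "", errors.New("issuer is not in the circle of trust")
	}
	pub := cert.PublicKey.(*rsa.PublicKey) // only RSA certs are ever stored above
	digest := sha256.Sum256(sa.Payload)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sa.Signature); err != nil {
		return "", errors.New("assertion signature does not verify")
	}
	if a.Audience != sp.EntityID {
		return "", errors.New("assertion was issued for a different service provider")
	}
	if !now.Before(a.NotOnOrAfter) {
		return "", errors.New("assertion has expired")
	}
	return a.Subject, nil
}
```

The audience check is the piece most often forgotten in home-grown verifiers: without it, an assertion a trusted IdP issued for one service provider would be accepted by every other service provider in the same circle of trust. The single-agreement change described above reduces how many such SP identities the IdP has to know about, but it does not change the checks each SP must perform.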