Technical Support

Single Sign-On (SSO)

Google Authentication

Set the Staff Sign-In Authentication to "Google OAuth2" and you're ready to go.

Each staff member must have a user account created within ResLife Portal, and their email address must match their official Google email address.

SSO is also available with "Google OAuth2" for residents to access the ResLife Portal: Engage Hub.

More details about Google OAuth2 necessary content, context, and connection

Microsoft / Azure Authentication

ResLife Portal is listed in the Microsoft Azure Marketplace.

Set the Staff Sign-In Authentication to "Microsoft / Azure".

Each staff member must have a user account created within ResLife Portal, and their email address must match their official primary email address.

ResLife Portal has been integrated with the Microsoft Azure Active Directory OAuth, as a registered Azure Active Directory app.

SSO is also available with "Microsoft / Azure" for residents to access the ResLife Portal: Engage Hub.

Okta Authentication

Set the Staff Sign-In Authentication to "Okta".

Each staff member must have a user account created within ResLife Portal, and their email address must match their official Okta registered email address.

SSO is also available with "Okta" for residents to access the ResLife Portal: Engage Hub.

OneLogin Authentication

BETA. Set the Staff Sign-In Authentication to "OneLogin".

Each staff member must have a user account created within ResLife Portal, and their email address must match their official OneLogin registered email address.

SSO is also available with "OneLogin" for residents to access the ResLife Portal: Engage Hub.

SAML / Shibboleth?

What is Shibboleth?

Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.

Provide your Identity Provider (IdP) metadata via a link or XML file

Please email the XML file or a link to the file to your ResLife Portal contact.

Add our QA/Preview Service Provider (SP) metadata file to your Shibboleth configuration so we can test against our QA/Preview servers

Contact us for our QA/Preview metadata file.

Once verified on QA/Preview, please add our PRODUCTION Service Provider (SP) metadata file to your Shibboleth configuration

Contact us for our PRODUCTION metadata file.

Request time to work with the implementations team to test

Please contact us to set a meeting with your implementation lead and a ResLife Portal representative to ensure everything was correctly configured.

ResLife Portal: Shibboleth FAQ

What information does ResLife Portal retrieve from a Shibboleth Identity Provider?

ResLife Portal retrieves and uses the following attributes:

  • "eduPersonPrincipalName": Commonly a user's school email
  • "givenName", "FirstName", or "firstname": User's first name
  • "sn", "LastName", or "lastname": User's last name
  • "email" or "Mail": User's email (optional if eduPersonPrincipalName isn't the unique email)

What does ResLife Portal do with the information it retrieves?

ResLife Portal authenticates existing user accounts or resident records. It does not create a new user account or resident record if one does not exist.

Metaphorically speaking, our system does a "double hand-shake": first establishing the connection to your organization Identity Provider (IdP) via Shibboleth; second, by verifying the staff member or resident record exists within the ResLife Portal.

Is the connection between the Identity Providers and ResLife Portal secure?

Yes, all information transmitted from the Identity Providers and ResLife Portal is secure over SSL.

How does my IT team configure Shibboleth for ResLife Portal?

You'll need your IT team to update your attribute-filter.xml file with configurations for ResLife Portal. Contact us to discuss.

Single Sign-On (SSO) via Shibboleth, Google Accounts, Microsoft Azure AD, Okta, or OneLogin: are each optional for Membership Subscription Plans.