Single Sign-On (SSO) enables users to access multiple TU applications securely with one familiar login. SSO is mandatory for apps containing PII or financial data. OTS uses Entra ID but can support Shibboleth, SAML, or InCommon configurations. The configuration of SSO does vary across what the vendor/application supports in addition to how the department may be currently using or will be using the application. While initial setup requires significant collaboration between OTS, the application owner, and vendor, the ongoing maintenance is minimal.
To process your request, the application owner should contact OTS and provide:
- Application and website name
- Contact information for the vendor
- Towson-specific URLs/addresses in use or will be used to get to the application, if available
- SSO configuration documentation from the vendor (links or support docs)
- Details on current TU community usage and user profiles, if available
- Information on expected roles within the application
- Details on how users are expected to be provisioned and deprovisioned from within the application (i.e manual creation, SCIM, just-in-time provisioning)
Once that information has been submitted, the Identity and Access Management team will review the information and reach out with any follow-up questions. Configuring SSO requires both IAM and application owner to coordinate settings while also working with vendor to complete the setup. Once testing is completed, the teams will agree on a go-live date.