Setting up Single Sign-On (SSO) allows members of your department to log in to Halligan with their existing department username and password. Halligan will also create an account for any user who successfully authenticates through Halligan against the AD server.
Navigate to the SSO setup page in Halligan. It can be found in the Department tab.
From the SSO page, fill out all the required fields with information about your department's directory.
- Fill in the Domain of your directory where indicated. If SSO is enabled, any user attempting to log in with that domain in their email address will be authenticated against the configured LDAP directory.
- Provide your directory's server information. This includes the host name, port, and the fully qualified Distinguished Name (DN) and password of the directory admin user. Halligan will use this user when connecting to the directory server.
NOTE: Check the SSL box if the connection to the directory server is a Secure Sockets Layer (SSL) connection.
- Input the Base DN for the directory (add User/Group DN if applicable). These will be used to run queries against the directory server when looking up the user trying to authenticate to Halligan. Then add the DN Attribute, which will be used when loading the username.
- Fill in the User Schema's relevant attributes (including the object class, email, first name and last name). These provide Halligan with users' metadata, which is populated/updated upon user login.
NOTE: When a user who does not yet exist in Halligan logs in, the user will be created automatically if LDAP SSO is configured and enabled.
- Provide the Group Schema's attributes (including Group Object Class, Group Name Attribute, and Group Members Attribute). Halligan uses groups to map users into roles upon login. These fields will be used to populate the Groups for Role mapping (see below). The Group Members Attribute will be used to query the AD for the groups that the authenticating user belongs to.
- Click the Fetch Groups button to have Halligan pull groups based on the configuration you entered and give you the option to map LDAP groups to roles. A user will often belong to several groups (e.g. an officer might be in both the 'Firefighters' group and the 'Officer' group). Since Halligan only supports a 1-1 mapping of user to Role, you need to decide which AD group takes precedence when mapping. The Priority column allows you to set a number. The sort order is Ascending, so priority 0 is higher than priority 1, which is higher than priority 2, etc.
- Click Save. Then, click Validate. Upon success, a green check followed by the word "Success" will appear. Otherwise, a red X will appear indicating an error.
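
As an added illustration (not Halligan's code; its actual queries are not shown on this page), the sketch below turns the configured schema attributes into LDAP search filters with the login name escaped per RFC 4515, then resolves a user in several groups to one role using the Priority column. The function names, the attribute values `user`, `sAMAccountName`, `group` and `member`, the sample groups, the tie-break and the `None` result for unmapped users are all assumptions.

```python
# Added illustration; not Halligan code. All names and sample values are constructed.

# RFC 4515 characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a string so it is treated as data, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(object_class, dn_attribute, username):
    """Filter that finds the user entry under the Base/User DN."""
    return "(&(objectClass=%s)(%s=%s))" % (
        object_class, dn_attribute, escape_filter_value(username))

def group_filter(group_object_class, members_attribute, user_dn):
    """Filter that finds the groups listing user_dn as a member."""
    return "(&(objectClass=%s)(%s=%s))" % (
        group_object_class, members_attribute, escape_filter_value(user_dn))

def resolve_role(user_groups, group_role_map):
    """Pick the single role for a user: the lowest priority number wins.

    group_role_map is {group name: (priority, role)}; names are compared
    case-insensitively. Assumptions of this sketch: ties are broken by
    group name, and None is returned when no group is mapped so the
    caller can decide what to do with an unmapped user.
    """
    mapped = {name.lower(): (prio, name.lower(), role)
              for name, (prio, role) in group_role_map.items()}
    hits = [mapped[g.lower()] for g in user_groups if g.lower() in mapped]
    return min(hits)[2] if hits else None

# Constructed sample mapping, mirroring the Priority column (0 is highest).
ROLE_MAP = {"Officer": (0, "officer"), "Firefighters": (1, "firefighter")}

if __name__ == "__main__":
    print(user_filter("user", "sAMAccountName", "jdoe"))
    print(group_filter("group", "member",
                       "CN=Doe\\, Jane (B),OU=Staff,DC=example,DC=org"))
    print(resolve_role(["Firefighters", "Officer"], ROLE_MAP))
```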