UGA Single Sign-On Service (UGA SSO) FAQs

Summary

Frequently asked questions about migrating applications to use UGA SSO for authentication.

Body

How do I move an application to UGA SSO?

To begin, departments should submit a UGA SSO Integration Request. The request is reviewed by InfoSec, then passed to IDM for development. Once the application is integrated into the development environment, the application owner must verify functionality and sign off. This process is repeated for stage and production environments.

Where can I find UGA’s metadata and OIDC well-known endpoint?

For applications using the SAML protocol, metadata for the three UGA SSO environments is available at the following URLs:

  • DEV: https://sso.dev.uga.edu/cas/idp/metadata
  • STAGE: https://sso.stage.uga.edu/cas/idp/metadata
  • PROD: https://sso.uga.edu/cas/idp/metadata

For applications using the OIDC protocol, here are the relevant endpoints:

  • Well-known endpoint: https://sso.uga.edu/cas/oidc/.well-known
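An added example (not code from UGA or EITS): a client-side check that every URL in an OIDC discovery document is HTTPS and on the expected SSO host, so a production client is never configured with endpoints from another environment. The sample documents and their endpoint paths are constructed for illustration; only the host names come from this page.

```python
from urllib.parse import urlsplit

# URL-bearing fields defined by OpenID Connect Discovery 1.0.
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "userinfo_endpoint", "jwks_uri")

def check_discovery(doc, expected_host):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    for field in URL_FIELDS:
        value = doc.get(field)
        if not value:
            if field != "userinfo_endpoint":  # the only optional field checked here
                problems.append(f"{field}: missing")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(f"{field}: not https")
        if parts.hostname != expected_host:
            problems.append(f"{field}: host {parts.hostname} is not {expected_host}")
    # An unsigned ID token must never be accepted by the client.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("id_token_signing_alg_values_supported: offers 'none'")
    return problems

# Constructed sample: host from this page, endpoint paths are placeholders.
GOOD = {
    "issuer": "https://sso.uga.edu/cas/oidc",
    "authorization_endpoint": "https://sso.uga.edu/cas/oidc/authorize",
    "token_endpoint": "https://sso.uga.edu/cas/oidc/token",
    "userinfo_endpoint": "https://sso.uga.edu/cas/oidc/profile",
    "jwks_uri": "https://sso.uga.edu/cas/oidc/jwks",
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Constructed sample: token endpoint on the DEV host, JWKS over plain HTTP.
MIXED = dict(GOOD,
             token_endpoint="https://sso.dev.uga.edu/cas/oidc/token",
             jwks_uri="http://sso.uga.edu/cas/oidc/jwks")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("MIXED", MIXED)):
        print(name, check_discovery(doc, "sso.uga.edu") or "ok")
```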

Can application owners use wildcards?

Wildcards are discouraged because all applications using UGA SSO must undergo security testing. In exceptional cases, IDM and InfoSec may work with departments to evaluate the need. Each request is reviewed based on:

  • Security testing requirements
  • Clarity of application identification

What if I don’t have a development or test environment?

EITS does not test in production. Departments should maintain development and test environments for patching and release testing. If only one environment exists, departments may need to schedule time to temporarily point to test and stage environments for sign-off.

What does it mean to sign off on a workflow?

Signing off on the workflow in the development, stage, and production environments confirms that you have verified that the application functions correctly, based on your test cases. This is done by the ticket requestor within the ticket. Timely sign-off is critical to keep the UGA SSO migration workflow moving forward.

When is maintenance scheduled to move my application to production?

EITS will regularly perform production maintenance once a month on the 3rd or 4th Friday of the month. The exact date of the monthly maintenance will coincide with the date of EITS’ monthly Windows and Linux patching activities. Production maintenance work will start at 5:00 pm, outside of regular business hours, to ensure updates occur during lower-impact times. Please note that this schedule may shift during holiday periods or major upgrade cycles.

What if my application is hosted externally?

Include the hosted environment’s contact information in the integration request. Hosted applications follow the same migration process:

  • Testing in development, stage, and production
  • Application owner sign-off at each stage

Is the process different for new vs. existing applications?

No. The migration process to UGA SSO is the same for both new and existing applications.

Which UGA SSO servers should be whitelisted?

  • Production: ugasso.uga.edu
  • Development: ugasso.dev.uga.edu
  • Stage: ugasso.stage.uga.edu

How do I test in the development environment?

Production MyIDs will not authenticate in the development environment. To test in the development environment, please request a test MyID using the Test MyID Checkout Request. You may request credentials that remain valid for up to 2 months.
Important: You are responsible for managing and safeguarding any test IDs you request.

Is there a streamlined process for single-environment, CESS-approved, third-party-hosted applications?

No. Even if an application has passed procurement, it must be fully tested and verified in the UGA SSO environment. UGA SSO uses different hardware and software than other authentication services, so testing is essential.

Can UGA SSO pull AD group information?

UGA SSO reads Active Directory attributes for authentication. It is not configured for authorization, but group attributes can be passed to applications for authorization purposes.

What security reviews does InfoSec perform?

Security reviews vary by application and environment. Application owners should communicate with InfoSec via ticket comments for review coordination.

Why must I test my application during UGA SSO upgrade cycles?

UGA SSO undergoes scheduled maintenance twice a year (around February and September) to maintain security and support. Application owners must test in development and stage to ensure updates do not impact functionality before changes are deployed to production.

Details

Article ID: 168878
Created: Thu 9/18/25 9:39 AM
Modified: Tue 11/11/25 3:08 PM