MyOrderDesk Single Sign-On Using CAS Follow
MyOrderDesk is able to authenticate users against a CAS server if the customer operates one. If the incoming user's email address is not recognized, MyOrderDesk will build a new account for them and any required profile information must be passed via attributes from the CAS server or input manually.
*NOTE: -As an option, returning user's profile information can be updated automatically upon sign in.
-The system can be set up to automatically assign CAS users to a specific group.
CAS 1.0 NetIDs (User IDs) need to be mapped to MyOrderDesk RemoteIDs in Users & Groups. However, RemoteIDs can be skipped if your CAS server (2.0 or higher) can return an email address in an attribute. See Email Address Attribute below.
- Enable CAS Server Authentication - Enable/Disable CAS authentication for your site.
- Server Name/IP- Enter the DNS name or IP of your CAS Server.
- Service URI- Enter any additional URI path required by your server, or / for the default.
- Server Port- Enter the Port your CAS server uses. Port 443 is the default and recommended.
- Protocol Version- Enter the CAS protocol version you wish to use with your server. Currently we support CAS versions 1.0, 2.0, 3.0 and SAML 1.1.
- SSL Certificate- Choose whether to allow self-signed certificates. Typically self-signed certificates are only used in a test environment.
- Sign In Button Text- Set the text to display on the sign-in button. "Sign in with CAS" is the default.
- Sign In Priority- Check to give CAS priority over email/password logins. A pop-up box will automatically redirect the user to your server unless manually canceled.
For CAS protocol versions 2.0 or higher:
- Email Address Attribute- (Optional) Typically your CAS server's NetID (User ID) is matched against a MyOrderDesk account's RemoteID. If you do not wish to use a RemoteID and your CAS server is capable of returning Attributes, set the attribute name from your server that will return your customer's Email Address.
- Update Profile On Sign In- Auto-update the user's profile from mapped attribute fields.
- Auto Create Account for Authenticated Users- If a MyOrderDesk account does not exist for an authenticated user, create one. This setting requires Email Address Attribute to be mapped and to return a valid email address.
Sign Up Group Assignment- Assign new users to this group. Requires >Auto Create Account for Authenticated Users to be enabled. This group is in addition to what’s set in Site Settings > Options > Sign Up & Security > Default Group Assignment