...
The entire process is managed by IT personnel in Melbourne, AUS.Users can be imported from a list using User Data Import Tool (in Settings under User Access) or via
Self-Registration
...
Self-Registration
To self-register, have the user login via https://jr.chemwatch.net/chemwatch.web/sso/login?domain="xxxxx". The system will connect to their identity provider and the user will have to provide login user/password. If this is the first time they have logged in a user will be created in CW using their credentials. An Administrator will need to assign them products and permissions before their account is active and ready for use.
...
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname%22windowsaccountname” NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/>
...
One of either Name, Given Name or Windows account name claims must be made in order to successfully log in to Chemwatch via SSO. The E-mail Address claim will be used to populate the Email field of the Chemwatch user record if available.
...
Below is an example of from Microsoft Active Directory attribute/Outgoing Claim Type mappings that can be used for logging into Chemwatch via SSO:.
...
IMPORTANT NOTES:
If you set your IDP as above, then inside Chemwatch application: your SAM-Account-Name will get mapped to our User Login field, your Display-Name will get mapped to our Person Name and your E-Mail-Adresses will get mapped to our Email fields respectively.
...
| Code Block |
|---|
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_b5284f77-1b41-466a-bca1-5f10169e8e64" entityID="https://jr.chemwatch.net/chemwatch.web">
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<KeyInfo xmlns="<http://www.w3.org/2000/09/xmldsig#">>
<X509Data>
<X509Certificate>"Place holder certificate"</X509Certificate>
</X509Data>
</KeyInfo>
</KeyDescriptor>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="<https://jr.chemwatch.net/chemwatch.web/sso/login/"xxxxx""> index="0" isDefault="true" />
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name"/>
<Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="<http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name"/>
</SPSSODescriptor>
</EntityDescriptor> |
A similar guide for MS Azure is available from SSO (Single Sign On) Guide for Microsoft Azure