This article guides you through the steps and requirements for setting up Single Sign-On (SSO) integration with Cayuse’s iRIS application. iRIS uses Shibboleth Service Provider (SP) for SSO connections.
1.Provide IDP Information
To start, Cayuse needs the following from your Identity Provider (IDP):
-
IDP EntityID
-
IDP Metadata (file or URL)
2. Access SP Metadata
The Shibboleth SP metadata is required to complete the integration:
https://<customer>.imedris.net/Shibboleth.sso/Metadata
Note: For new SSO setups, Shibboleth SP is not enabled by default. You’ll need to coordinate a cutover time to enable SSO and retrieve the SP metadata for import into your IDP.
3. Configure Attribute Mappings
Required Attributes
The following attributes are required. LDAP_ID is used as the unique identifier for users, and USER_NAME is usually set to the same value as LDAP_ID:
| iRIS Attribute name | SAML Attribute name |
| USER_NAME | |
| FIRST_NAME | |
| LAST_NAME | |
| EMAIL1 | |
| LDAP_ID | |
| ADDRESS_PROV |
Optional Attributes
You can also provide mappings for additional, optional user details:
| iRIS Attribute | SAML Attribute |
| MI | |
| ADDRESS1 | |
| ADDRESS_STREET | |
| ADDRESS_CITY | |
| ADDRESS_STATE | |
| ADDRESS_PROV | |
| ADDRESS_COUNTRY | |
| ADDRESS_POSTAL_CODE | |
| PRIMARY_PHONE | |
| PAGER_PHONE | |
| CELL_PHONE | |
| FAX_PHONE | |
| EMPLOYEE_ID | |
| JOB_TITLE | |
| SSN | |
| DEGREE | |
| SPECIALTY | |
| INSTITUTION_NAME | |
| DEPARTMENT_NAME | |
| DEPARTMENT_CODE | |
| SCHOOL_CODE |
4. Provide a Test Account
It’s highly recommended to provide Cayuse with a test SSO account. If a test account is not possible, Cayuse may request a SAML trace to troubleshoot any issues during the initial setup.