Headerbild: SSO mit SAML für UCS-Gruppen

Since the introduction of single sign-on support in Univention Corporate Server (UCS) via Secure Authentication Markup Language (SAML), an administrator can assign a user within the user object to those applications, called service providers in the SAML context, he or she can log in to via single sign-on. As for administrators in organizations with many users, this assignment can be time-consuming.

Since the update to UCS 4.4 erratum 611 in May this year, UCS system administrators are able to assign single sign-on for applications to entire groups. This simplifies the management of user access for organizations that have many users and map user permissions through groups.

Screenshot: SSO for groups in UCS

To set the access rights for groups, the administrator logs in to the UCS management system, goes to the ‘Groups’ module, selects an existing group or creates a new group and then he or she adds the corresponding SAML service provider on the “General” tab in the section ‘SAML Settings’.

First of all the application must be configured as a SAML service provider. Some of the apps in the Univention App Center, which already have a SAML service provider configuration, for example Nextcloud, Office 365 or Rocket.Chat, are pre-configured in this way after installation. For others you can add this by manually adding a SAML service.


Two Standards But One Common Single Sign-on – Integration of SAML and OpenID Connect

The integration of Kopano Konnect in the single sign-on network of Univention Corporate Server is an additional option for users to access a range of various applications that are integrated in UCS via a single, initial login … more


Afterwards all users of the selected group can log in to the relevant service via single sign-on. In this way, administrators can activate single sign-on access to, for example, Rocket.Chat with just a few clicks by simply assigning the Rocket.Chat SAML service provider to the group ‘Domain Users’. By default, every newly created UCS user will now be a member of the ‘Domain Users’ group.

If you have any questions or comments on the topic, we look forward to your comments on this blog article.

Use UCS Core Edition for Free!

Download now

Nico Gulden studied applied computer science and works for Univention since 2010. He is responsible for the Product Management and the relationship management of the App vendors in the Univention App Center. His spare time is dedicated to his family, reading, outdoor activities light photography, Geocaching and mapping for the OpenStreetMap project.

What's your opinion? Leave a comment!

Your email address will not be published. Required fields are marked *