Become Part of our Team and Push Digital Sovereignty
- Teamleader IT / Project Manager (m/f/x)
- IT Consultant (m/f/x)
- Outbound Sales Represantative (m/f/x)
Since the introduction of single sign-on support in Univention Corporate Server (UCS) via Secure Authentication Markup Language (SAML), an administrator can assign a user within the user object to those applications, called service providers in the SAML context, he or she can log in to via single sign-on. As for administrators in organizations with many users, this assignment can be time-consuming.
Since the update to UCS 4.4 erratum 611 in May this year, UCS system administrators are able to assign single sign-on for applications to entire groups. This simplifies the management of user access for organizations that have many users and map user permissions through groups.
To set the access rights for groups, the administrator logs in to the UCS management system, goes to the ‘Groups’ module, selects an existing group or creates a new group and then he or she adds the corresponding SAML service provider on the “General” tab in the section ‘SAML Settings’.
First of all the application must be configured as a SAML service provider. Some of the apps in the Univention App Center, which already have a SAML service provider configuration, for example Nextcloud, Office 365 or Rocket.Chat, are pre-configured in this way after installation. For others you can add this by manually adding a SAML service.
Two Standards But One Common Single Sign-on – Integration of SAML and OpenID Connect
The integration of Kopano Konnect in the single sign-on network of Univention Corporate Server is an additional option for users to access a range of various applications that are integrated in UCS via a single, initial login … more
Afterwards all users of the selected group can log in to the relevant service via single sign-on. In this way, administrators can activate single sign-on access to, for example, Rocket.Chat with just a few clicks by simply assigning the Rocket.Chat SAML service provider to the group ‘Domain Users’. By default, every newly created UCS user will now be a member of the ‘Domain Users’ group.
If you have any questions or comments on the topic, we look forward to your comments on this blog article.
Nico Gulden studied applied computer science and works for Univention since 2010. As technical editor he is responsible for maintenance and expansion of the product documentation. His spare time is dedicated to his family, reading, outdoor activities like cycling, photography, Geocaching and voluntary work with children and young people.