Create an SSO Login for Applications to Groups

Headerbild: SSO mit SAML für UCS-Gruppen
Since the introduction of single sign-on support in Univention Corporate Server (UCS) via Secure Authentication Markup Language (SAML), an administrator can assign a user within the user object to those applications, called service providers in the SAML context, he or she can log in to via single sign-on. As for administrators in organizations with many users, this assignment can be time-consuming.

Two Standards But One Common Single Sign-on – Integration of SAML and OpenID Connect

The integration of Kopano Konnect in the single sign-on network of Univention Corporate Server is an additional option for users to access a range of various applications that are integrated in UCS via a single, initial login using their user name and password.
The two authentication standards SAML (Security Assertion Markup Language) and OpenID Connect have already been available to UCS users for some time. So far, however, these two technologies have been two separated worlds. If some of the web services used SAML and others OpenID Connect for the authentication against UCS’ identity management, users were forced to log in twice in those environments with multiple services. With the support of the Kopano team, we were able to release an extension of the app “OpenID Connect ID” in the App Center. This is integrating the two standards with each other and thus allows a single authentication process by the end user.
I would like to briefly explain how a single sign-on generally works with UCS. Then I explain the interaction of Kerberos, SAML, and OpenID Connect and show you which functions the new implementation of Kopano Konnect offers to UCS users.

Jitsi Meet and the UCS Identity Management

In recent weeks, the increased demand for video conferencing solutions has kept us in the App Center team busy with the question of how Univention can help companies, organizations and school authorities to communicate effectively in digital form without leaving out aspects of data protection. For this reason, we have intensively studied various open source solutions for video conferencing and published quickly Jitsi Meet as an app in the App Center. It is now available to UCS users for easy installation.
Jitsi is a fully encrypted and 100% open source video conferencing solution. The connection to the UCS directory service via LDAP is already configured. Therefore, administrators of a UCS environment can give users access to Jitsi with their regular username and password using the Univention Management Console (UMC). Then Jitsi can be easily accessed from the UCS portal. In this blog post, I would like to show you the most important installation steps and then focus on the different use cases regarding user authentication. Organizations can use Jitsi Meet on Univention Corporate Server (UCS) to specifically control how open they make the access to the app and which users can conduct video conferences.

Register your own Account – new Self Service for SUSE and UCS

In this article I’m going to introduce our project self-registration of users via UCS Self Services, which we have just implemented for SUSE Software Solutions Germany GmbH and their Bugzilla and openSUSE Build Service (OBS). The OBS platform is mainly used to develop the openSUSE Linux distribution, but also helps to build packages for Fedora, Debian GNU/Linux, Ubuntu and, of course, SUSE Linux Enterprise. At the time of writing this article, the openSUSE Build Service hosts about 26,000 projects, approximately 190,000 packages in 36,000 repositories. About 33,000 developers use the service and have registered an account.

Practical Use of the REST API Using the Example of EGroupware

The Univention Directory Manager (UDM) enables access to content in the LDAP directory service, for example viewing, editing, deleting, and moving of objects (users, groups, computers, printers, shares, etc.).
The UDM can be accessed and controlled via both the web interface and the command line. In UCS 4.4-2, a third option has now also been added: the REST API. This interface connects applications with the UCS directory service via HTTPS and supports the maintenance of the user properties or computer objects of the connected systems.
This article begins by explaining the technical background of the REST API and its implementation in UCS.
During the implementation of the REST API, an exciting exchange took place between Univention and the developers at EGroupware GmbH in Kaiserslautern, Germany. As a result, EGroupware became the first solution to employ the new interface in the Univention App Center. In the second section of the article, Ralf Becker from EGroupware explains the implementation of the new API and the advantages it offers providers of third-party applications.

Provide Solutions for Home Office Team Collaboration

In recent days and weeks, many employees retreated to home office to break chains of infection, others plan or would like to do so. But not everyone has the tools to continue working productively and together with colleagues in as many areas as possible. Working remotely and the collaboration of several people from the home office place special demands on the way a team works and on the tools it uses.
As an open hyperintegration platform and with the Univention App Center, Univention Corporate Server (UCS) offers a whole range of different applications which enable effective and collaborative working from the home office. Among the more than 90 applications in the App Center are solutions for file sharing (Nextcloud, ownCloud or Seafile), for project management (OpenProject and the Kanban solution Wekan), video conference (Kopano Meet), real-time communication (Rocket.Chat) or knowledge transfer (MediaWiki Bluespice). All these solutions are also available as virtual appliances with a pre-configured UCS, which you can put into operation with a very manageable effort and make available to your colleagues for the home office.

Separation of Users in Office 365 Through Synchronization of Several Azure Active Directories

Identities and roles in a Microsoft Azure AD environment can be provisioned very easily thanks to the Office 365 Connector App for UCS. Users can get an easy single sign-on access to Office 365 resources while maintaining control over the information conveyed about each identity.

Moreover, in a UCS environment, precise permissions are often defined to control the visibility of user properties within an organization. Especially in large environments it is necessary that not every user “sees” every other user. For example, the data protection requirements at schools are implemented by UCS@school: The school authorities can administer user accounts centrally across all schools, but users only “see” each other within their own school. In a single Azure AD, such a separation is generally not provided, but the creation of several Azure AD or tenants is expected.

In this article I am going to explain how you can implement such separate setups with UCS for Azure AD more easily and how the scenarios are structured since the last update of the Office 365 Connector App.

Crust: Digital Sovereignty for your Business with the Open Source Salesforce Alternative

Crust is now available in the Univention App Center. What is it and why should you try it out?

About Crust

Image: crust interfaceMore and more organisations are turning to Crust as a Salesforce alternative, for the feature set, the lower costs and the ability to self-host.

The Crust platform includes a CRM, Service Cloud, Enterprise Messaging and an industry-leading Low Code Development Environment for building End-to-End Business Process Management applications.

Crust is a mobile-friendly, customer-scale application, capable of handling giant populations within the application itself. Designed to be either self-hosted or run in the cloud, Crust is 100% extensible with rich API’s and third party application integration features.

How to Deploy Meet Videoconferencing on UCS

Communication is at the core of any business. Lack thereof can create misunderstanding and friction. The fact that today’s modern workplace is no longer bound to a single physical location, has made communication between professionals more challenging though. Fortunately, technologies like email, chat and online video meetings are here to help us out.

The Univention App Center already offered apps for email and chat. And now, you can also make use of the great advantages of video communication thanks to Meet videocalling on UCS.