Novatus provides a Single-Sign-On Service (“SSO”) for our clients to provide ease of user administration and greater security controls. Ideal for clients with a large user base, its ease of implementation and affordable cost make this a great solution for all Novatus customers. Novatus utilizes the widely used SAML method for our SSO Solution.
SSO Technical Services Description
The Novatus SAML SSO service is based on SAML2, utilizing the HTTP Redirect binding for SP to IDP communication and the HTTP Post binding for IDP to SP communication. We require the assertions to be digitally signed in order to validate the request. This solution offers two methods for authentication:
Users are created and all user information is maintained within the application; the login name for a specific user must then match the Name ID in the subject passed via the assertion.
Authentication and Authorization
If a user does not exist within the application upon the user’s first access, the user will automatically be created. Group permissions are passed as attributes in the assertion and mapped to pre-defined roles within the Novatus Contract application to determine the user’s access level.
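The two methods above, sketched from the service provider's side as an added example (not Novatus code). The attribute name `groups`, the group and role names, the in-memory `users` dictionary and the helper `constructed_response` are assumptions, and the sample's `ds:Signature` element is an empty placeholder.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ROLE_MAP = {"contracts-admins": "Administrator",   # hypothetical IdP group ->
            "contracts-legal": "Reviewer"}         # application role names
GROUP_ATTRIBUTE = "groups"                         # assumed attribute name

def read_assertion(saml_response_b64):
    """Return (name_id, roles) from a POST-binding SAMLResponse form value."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    # Structural gate only: refuse an assertion that carries no ds:Signature.
    # A vetted SAML library must verify that signature against the IdP
    # certificate before any value read below is trusted.
    if assertion is None or assertion.find("ds:Signature", NS) is None:
        raise ValueError("missing or unsigned assertion")
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if not name_id:
        raise ValueError("assertion has no NameID")
    groups = [v.text for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == GROUP_ATTRIBUTE
              for v in a.iterfind("saml:AttributeValue", NS)]
    # Groups without a mapping grant nothing.
    return name_id, sorted({ROLE_MAP[g] for g in groups if g in ROLE_MAP})

def login(saml_response_b64, users, auto_create):
    """auto_create=False: first method (user must exist, roles stay local).
    auto_create=True: second method (create on first access, roles from groups)."""
    name_id, roles = read_assertion(saml_response_b64)
    if not auto_create:
        if name_id not in users:
            raise PermissionError("no application user matches NameID")
        return users[name_id]
    # Assumption: roles are re-derived from the assertion on every login.
    users[name_id] = {"roles": roles}
    return users[name_id]

def constructed_response(name_id, groups, signed=True):
    """Constructed sample; the ds:Signature element is an empty placeholder."""
    values = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
    sig = "<ds:Signature/>" if signed else ""
    xml = (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}"><saml:Assertion>{sig}'
           f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
           f'<saml:AttributeStatement><saml:Attribute Name="{GROUP_ATTRIBUTE}">{values}'
           f'</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

A group with no entry in the mapping yields no role, so a newly created user whose groups are all unmapped ends up with an empty role list.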
SAML Solution Options
For clients who are considering deployment of SAML to support SSO for their contract management solution, Novatus provides the following information for your reference. SAML is a widely used, easy to deploy, and affordable solution.
Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML OASIS standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end-user) between an identity provider and a web service. SAML 2.0 enables web-based authentication and authorization scenarios including single sign-on (SSO).
There are a number of reputable suppliers in the identity management space. Following are the major solution providers:
Siteminder (now owned by CA)
A large suite for your identity management needs which includes federation using SAML2. This suite is in use by our clients currently in conjunction with our SSO offerings. You can find more information at:
Another total suite that integrates with Active Directory to provide federation and single sign-on across the enterprise. More information at: http://www.pingidentity.com/
Microsoft AD FS 2.0
AD FS 2.0 added the ability to use SAML2 for federation and, as a Microsoft product, integrates completely with existing Active Directory deployments. You can find more information at:
The download for the software is available at:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=118c3588-9070-426a-b655-6cec0a92c10b&displaylang=en
SSO Technical Services Summary
The Novatus Single-Sign-On Technical Services offering is performed by highly experienced senior technical resources who work with your internal IT organization. Upon installation of the SSO, Novatus will perform testing and quality assurance with your IT work with the SEL Technical Team to ensure full accuracy. Upon completion of the installation and testing, the SSO solution will be immediately available. Upon login to your internal network, your Novatus Contracts users will have the proper access and credentials in your Novatus contract management system.