Integrate using SAML
You can authenticate your users with third-party products. Users can log in to their existing system, then click the IT Asset Manager icon for access.
SAML is the recommended method.
Note: See SAML FAQs.
There are three one-time procedures to integrate your district’s current identity provider with IT Asset Manager:
- Create a SAML application within your identity provider.
- Configure your identity provider within IT Asset Manager.
- Set default roles for users who log in via this SAML integration.
IT Asset Manager currently supports the following:
Frequently Asked Questions
| LDAP (Active Directory) | SAML |
|---|---|
| A firewall must be open to Follett's IP address in order to sync user info on a nightly basis. | No open firewall needed to sync. |
| All staff members must have accounts, even though some may not use the program. This has the potential to create bloat in both the Users and Groups sections within IT Asset Manager. | User accounts are created when staff members log in to IT Asset Manager for the first time. |
| Users log in with an Active Directory username and password on the login page. | Users can log in with a button. They do not need to enter any credentials. Users can also log in through an app portal if they have one. |
Active Directory is not needed if you would like to utilize SAML. User requests, profiles, etc. will not be impacted by implementing any SSO changes. If you have the existing LDAP integration configured, then you have three options:
- Delete the LDAP settings after SAML is configured. Users will no longer be able to use their Active Directory username and password to access IT Asset Manager. Instead, they will click the login button. They will also be able to access IT Asset Manager through any app portal.
- Implement both LDAP and SAML. If you keep the Active Directory setup, users can log in by either entering their credentials or using the button.
- Turn off the LDAP sync, and configure SAML. Existing users can log in using either their credentials or the login button. Users added to Active Directory must use the button, or log in via the app portal.
| OAuth 2.0 | SAML |
|---|---|
| All staff members must have accounts, even though some may not use the program. This has the potential to create bloat in both the Users and Groups sections within IT Asset Manager. | User accounts are created when the staff member logs in to IT Asset Manager for the first time. |
| Users can only sign in on the IT Asset Manager login page. | Users can access IT Asset Manager from either the login page or the Google Apps portal. |