Single Sign On (SSO) can be implemented with Active Directory using LDAP or LDAPS to reduce the need for patrons to remember multiple passwords and to remove multiple authentication challenges from accessing Infiniti and LibPaths. Authentication is against the local AD or LDAP/LDAPS password.


Note: Your system must be operating in Production mode to implement SSO.


Usernames and Network IDs


Note: SSO will only work if a person's username matches their network ID. If your usernames do not match network IDs your IT Manager must align them prior to implementing SSO.

 

Preparation for SSO

  1. Username - must match network ID to facilitate single point authentication.
  2. Populate the Settings> Integration parameters and turn on your authentication method.

Testing Active Directory/LDAP/LDAPS
  1. Set up a test user in Infiniti and AD to test the active directory locally.


Whitelist this IP address for domain concordinfiniti.com:

         

  1. IP address: 52.64.168.106

Whitelist this IP address for domain concordinfiniti.co.uk:


  1. IP address: 52.56.156.42


Enable Active Directory/LDAP/LDAPS Integration


Go to: Settings> Integration

  1. Open Active Directory tab.
  2. Switch Active Directory Enabled.
  3. Add Active Directory Domain(s) separated by commas if more than one, e.g., myschool.edu,students.myschool.edu
  4. Add the Active directory URL/Port, e.g., ldap://IP address:portnumber, e.g., 389, 3268. Note: The IP address should be an external facing IP address.
  5. Ensure that your chosen port is not blocked and add a firewall exception if necessary.
  6. .
  7. Optionally Test Connectivity of your connection.

Test SSO Connectivity
  1. Logon to your school network as the test user you have created.
  2. Open the Infiniti logon page.
  3. Logon to Infiniti using the same username and password you used to logon to your school network.