Single Sign On (SSO) can be implemented with Active Directory/LDAP/LDAPS only in Production, to reduce the need for patrons to remember multiple passwords and to remove multiple authentication challenges from accessing Infiniti. Infiniti authenticates against the AD or LDAP password.


Usernames and Network IDs


SSO will only work if a patron's Infiniti username matches their network ID. If your patron's usernames do not match their network IDs your IT Manager must align them prior to implementing SSO.

 

Preparation for SSO

  1. Username - must match network ID to facilitate single point authentication.
  2. Populate the Settings > Integration parameters and turn on your LDAP authentication.


Testing Active Directory/LDAP/LDAPS
  1. Set up a test user in Infiniti and AD to test the active directory locally.


Whitelist this IP address for domain concordinfiniti.com:

         

  1. IP address: 52.64.168.106

Whitelist this IP address for domain concordinfiniti.co.uk :


  1. IP address: 52.56.156.42


Enable Active Directory/LDAP/LDAPS Integration


Go to: Settings  > Integration


  1. Open Active Directory tab.
  2. Switch Active Directory Enabled .
  3. Add Active Directory Domain(s) separated by commas if more than one. e.g., myschool.edu,students.myschool.edu
  4. Add the Active directory URL/Port, e.g., ldap://IP address:portnumber eg. 389, 3268Note: The IP address should be an external facing IP address.
  5. Ensure that your chosen port is not blocked and add a firewall exception if necessary.
  6. Click .
  7. Optionally Test Connectivity of your connection.

Test SSO
  1. Logon to your school network as the test user you have created.
  2. Open the Infiniti logon page.
  3. Logon to Infiniti using the same username and password you used to logon to your school network.