In the coming release of release R20d in August 2020, a feature is available to provision users in Calem based on SAML SSO. The feature allows an organization to centralize user management in its ID Provider. Calem provisions an authenticated user in Calem, or update the user settings accordingly.
The following SAML attributes from an authenticated user may be used to provision a user record in Calem.
Attribute | Mandatory |
Full Name (givenname and surname) |
Y |
User Id | Y |
Y | |
Group - mapped to Profiles in Calem | Y |
Plugins must be configured to enable user provisioning. A plugin includes business logic meeting the specific requirements of the integration for an organization.
$_CALEM_dist['saml_conf']['user_provision_plugin']='itiga';
The user provisioning includes the following data integration points.
1. Direct Mapping - a SAML attribute is mapped to a field in Calem |
2. Lookup Mapping - a SAML attribute is mapped to a lookup field in Calem |
3. Default fields values |
4. Custom Handling - the custom business logic provided by a plugin |
5. Additional configuration - additional configuration data may be supplied in other files for a plugin. For instance, "itiga_conf.php" and "itiga_conf.custom.php", and "itiga_map.php" are included for "itiga" plugin. Additional information can be found in the README.txt file for a plugin. |
The following is the sample configuration for the data integration defined in calem.custom.php.
$_CALEM_dist['saml_conf']['user_provision_map']=array( //Direct mapping to saml attr 'direct'=>array( 'username'=>'https://schemas.xmlsoap.org/ws/2005/05/identity/claims/objectidentifier', 'email'=>'https://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' ), //Saml attr is a lookup value 'lookup'=>array( ), //Default values to set 'defaults'=>array( 'login_allowed'=>1, 'status_id'=>'us_active', 'site_id'=>'1000000' ), //custom logic, value is attr or null (indirect attributes) 'custom'=>array( 'team_id'=>'TeamCompany', 'profle_id'=>'EAMGroupId', 'full_name'=>null ) );
Option 1. Group by a Custom Plugin
The group Id is mapped to a set of ACL profiles in Calem. The first option is to use a custom plugin to provision ACL profiles, maintenance flag, team and organization. It requires the development of a custom plugin. This option provides more flexibility per customer requirements. It is the only option for cases that cannot be handled by option 2.
The second option is to use the profile set plugin in Calem. This plugin uses the profile sets configured in Calem to provision users authenticated by IdP (Id Provider).
Additional Resources
By accepting you will be accessing a service provided by a third-party external to https://calemeam.com/