Your campus may have a portal that provides centralized access to the various online applications your users require. Faculty Success supports pass-through authentication that enables you to add a link to your portal, such as "Access Faculty Success" or "Faculty Activity Reporting System." After selecting this link, users are automatically logged in to Faculty Success behind the scenes.
Users will need to authenticate against one of your campus servers. If the user is logging solely into Faculty Success, you may choose to skip the following step, generate the encrypted authentication token immediately, and redirect the user directly to the Faculty Success authentication URL.
If the user is logging into a campus-wide web portal, you could present a link among the menu of destinations accessible from the portal. This link should point to a script on a campus server that can generate the signed authentication token, and redirect the user to a Faculty Success authentication URL.
The Faculty Success authentication URL accepts the signed token, then decrypts and verifies the following:
- The specified user has a Faculty Success user account
- The authentication token has not expired
- The user's IP address matches the IP address specified in the token (optional)
- The user's HTTP referrer matches a list of known URLs (optional)
- The signature is valid for all supplied values
Figure 3 – Using Portal Authentication.
Portal authentication is a secure authentication method. Your users never have to provide their credentials to a Faculty Success server, only to the server managed by your campus. The token is encrypted using HMAC-signed authentication and contains the user’s Faculty Success username and an expiration date. The token is only submitted once, during the initial redirection to Faculty Success. Faculty Success can also verify the HTTP referrer on the request to be sure it came from your campus. In addition, you can use any authentication method you wish at your campus.
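As an added illustration (not Faculty Success code and not its actual token format), the Python example below shows how a campus script can sign a short-lived token and how a receiver can apply the checks listed above. The field names (`username`, `expires`, `ip`, `sig`), the query-string layout, HMAC-SHA256, and the demo key are all assumptions; the example signs the fields without encrypting them and omits the optional referrer check.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed demo key; the real key is issued to your campus and must stay secret.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def _sign(key, fields):
    # Sign a canonical, sorted encoding so both sides hash identical bytes.
    msg = urlencode(sorted(fields.items())).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_token(key, username, ttl=60, client_ip=None, now=None):
    """Campus side: build the signed query string used in the redirect."""
    now = int(time.time()) if now is None else now
    fields = {"username": username, "expires": str(now + ttl)}
    if client_ip:
        fields["ip"] = client_ip  # optional IP binding
    fields["sig"] = _sign(key, fields)
    return urlencode(fields)


def verify_token(key, token, known_users, client_ip, now=None):
    """Receiving side: return (ok, reason) after checking every signed value."""
    now = int(time.time()) if now is None else now
    fields = dict(parse_qsl(token, keep_blank_values=True))
    sig = fields.pop("sig", "")
    expected = _sign(key, fields)
    # Verify the signature first, in constant time, before trusting any field.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    expires = fields.get("expires", "")
    if not expires.isdecimal() or int(expires) < now:
        return False, "expired"
    if "ip" in fields and fields["ip"] != client_ip:
        return False, "ip mismatch"
    if fields.get("username") not in known_users:
        return False, "unknown user"
    return True, "ok"
```

Because the signature covers every field, changing the username, expiration, or IP address after signing causes verification to fail, and a short lifetime limits how long a captured redirect URL stays usable.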
Some of the individuals whose activities you track in Faculty Success may not have accounts in your campus system. You may also wish to leave some administrator accounts on the Faculty Success default Local Authentication so they can still access Faculty Success even if the portal fails. You will need to provide a list of those user accounts that should continue to use the default Local Authentication.
Portal Authentication requires the most effort from your campus’s technical staff of the three Advanced Authentication methods supported by Faculty Success, but provides a secure and convenient solution. To implement it, your campus will need to:
- Write a script to create the encrypted token
- Successfully complete the authentication test on the Portal Authentication test page: https://www.digitalmeasures.com/login/dm/faculty/authentication/HMACTest.do
- Place a link on your campus’s portal site that will call the token script
Once your technical staff has completed the required steps, they will need to provide you the following technical details:
- Secure HTTPS referrer(s) that Faculty Success should validate, if any
- URL for users to log into your portal, which will be used to redirect users when they log out of Faculty Success or if their session times out
- A single sign-off URL, if your campus has one (optional)
- A URL for authentication errors, if users should receive instructions regarding who to contact in case access is denied (optional)
Note: Users can no longer use the Faculty Success login page after they have been switched to Portal Authentication.
Once you have received this information, submit a General work request with it and your list of excluded users, if any. Faculty Success will complete the necessary work to configure Portal Authentication for you in Faculty Success. Faculty Success will provide the production URL and encryption key and ask you to confirm the date to switch user accounts to Portal Authentication.