[How to] Verify & Link various SSO models for ELMS e-academy
ELMS (e-academy License Management System) is a popular Web-based management system thru which organization can manage their software licensing needs and make software available to the community members. ELMS Webstore is the one stop repository of the software applications where organizations store the softwares. Microsoft’s DreamSpark, the then MSDNAA (MSDN Academic Alliance) is a large user of ELMS which many academic institutes and students use today. Using ELMS account, students and academic staffs can download softwares and their license serial keys with ease, this model of software distribution and licensing solution is far better than the traditional ones.
In this article, we discuss how to use Single Single-On (SSO) to verify the administration for ELMS (SSO for ELMS). ELMS requires its administrator to verify every user in order to authenticate into the system. This is because only authenticated users can order software from WebStore and the ELMS Administrator must define how their users are authenticated – referred to as methods of verification. Please, note that ELMS is just one of the three models to access and deploy software from DreamSpark, all three namely are,
- Thru MSDN Subscription Portal
- By activating ELMS
- By giving students access directly to DreamSpark
As written in official help contents of ELMS (#2 step in above list), there are many methods of verification of SSO for ELMS that can be used to authenticate users including email domain, user import, Integrated User Verification (IUV) and Shibboleth (from a Federated Identity Program).
SSO Verification Method
SSO verification methods allow a user to enter the same user id and password to log on to multiple related but independent software systems. The user logs in once and gains access to all systems without being prompted to log in again. This is one of the most common methods to authenticate users when there exists integration between multiple software or service applications.
Integrated User Verification (IUV) Method
Another method, Integrated User Verification (IUV) requires setting up and managing a single sign-on mechanism between an e-academy customer’s existing user authentication system (such as an LDAP directory) and an e-academy ELMS WebStore. In this IUV System of authentication, user’s existing credentials from LDAP or similar authentication mechanism is linked to the system where the authentication is to be applied, and users usually don’t require to enter credentials – users already logged in to system A will be logged to system B when IUV is in effect, far better system than the previous SSO verification method. ~ Detail IUV deployment guide
Shibboleth SSO System
Yet another SSO style but Federated Identity program, Shibboleth, is an SSO system that has achieved widespread adoption in academic communities worldwide. Reasons for this range from its academic and open source origins to its model of privacy protection that gives individuals and institutions a great deal of control over what personal information is released to external parties. Shibboleth requires establishing a single sign-on mechanism between an e-academy customer’s existing Shibboleth identity provider and an e-academy ELMS WebStore. e-academy is as Service Provider for multiple Shibboleth federations in the world. ~ Detail Shibboleth SSO deployment guide
A WebStore can have multiple verification methods defined, however only one Single Sign-On verification type can be active at a time. Therefore, a WebStore cannot use both IUV and Shibboleth as verification methods at the same time.
Software assurance managers and Academic Information System managers can get details for DreamSpark deployment for their university here. A piece of note, ELMS is never required if your students and academic staffs can directly login to DreamSpark main portal as listed above in #2.
Note: e-academy is now called Kivuto Solutions Inc.
Disclaimer: The author has successfully completed courses on Microsoft Subscriptions Manager, Online Services Manager, Software Assurance manager and Volume Licensing Administration.