SAML 2.0 (Shibboleth / ADFS) | SSO

Return to Index

Roompact is configured as a Shibboleth Service Provider (SP) and supports user authentication using the SAML 2.0 protocol. This allows for a single sign-on integration to be deployed at any institution that has a Shibboleth, Active Directory Federation Services, or other SAML 2.0 Identity Provider (IdP) configured.

Procedure Overview

The general SAML-based authentication procedure is as follows:

1. A user visits Roompact and selects to login and is prompted to enter their Roompact account email address. A browser cookie indicating which account the user is attempting to log in as is set in the user’s browser.
2. The user gets redirected to their institution’s SAML IdP login portal.
3. The user enters their username and password to login.
4. If they are successfully authenticated, they will get redirected back to Roompact with a SAML response attached to the request.
5. The Roompact SP will verify the authenticity of the SAML response against the IdP.
6. If the validation is successful, the user’s identity attributes are extracted from the SAML response and passed to the Roompact application.
7. If the identity attributes match a Roompact user account that exists for the given institution, the user is authenticated and redirected to their Roompact dashboard.

NOTE: Users can skip step 1 if the institution opts to embed a Roompact SAML login URL in portal website or use some other means of distribution. This URL is institution-specific and can be provided upon request.

NOTE: Steps 4 - 7 are completely transparent to the user and instantaneous. The user gets redirected and sees their dashboard immediately after entering their login credentials.

What Roompact Needs

For successful integration, Roompact needs the following pieces of information:

• The institution’s IdP Metadata
• The URN of an email address attribute and a unique identifier attribute that will be sent from the IdP in the SAML response

NOTE: The unique identifier attribute must be an exact match of the user_uid field sent via the student roster API

Where to Send This Information

A member of Roompact’s technical team will be able to assist you in configuring Shibboleth/ADFS for your institution. If you do not already have a technical contact at Roompact, please email implementation@roompact.com and a staff member will be in contact with you.

Roompact Service Provider Metadata

Roompact’s SP metadata is available for download here.

InCommon Membership

Roompact is NOT currently a member of the InCommon Federation.