This guide relates to our Simple Sign-On (SSO), Surp4ss! and IDx (Identity Exchange) products.
- We provide hands-on support throughout the onboarding process. This will generally take the form of MS Teams calls and screen-share/remote access via TeamViewer.
- Please make sure you are using version 10 of TeamViewer.
- We will need TeamViewer access to your primary Active Directory in order to install our secure sync client 'SPS/Agent' software. This will not work on a read-only machine.
- You will need to allow outbound traffic through firewall ports 1268 & 1443.
- We require information on your AD FQDN and NetBIOS.
- You should decide on your preferred login requirements (email, sAMAccountName or UPN) (*Simple Sign-On only).
- We may need an Office 365 global admin account
  - This needs to be 'in cloud' with an onmicrosoft.com email address. This grants us permission to provision users into your Office 365 tenancy.
  - You might consider creating a dedicated account for IAM Cloud that you can block/deactivate in future should you wish to move on from our products.
- You should have a list of domains you would like to federate
- Our SSO, Identity and Password products work on the basis of 'classifications' - these are rough groupings of accounts. Many of our features work on a per-classification basis, so by sub-dividing users you get more granular control over our products. That said, the more granular you make the classifications, the greater the administrative overhead. So we recommend trying to keep things simple and finding the right balance for your organisation. In a school, for example, this may be as simple as having a classification for Staff and a classification for Students.
- Classifications are what define which accounts are synced to IAM Cloud. We assign permissions, restrictions, etc. based on classifications. We can classify on any attribute the user has in your Active Directory, including which OU the user is in.
- Common types of classifications are: Staff, Students, HR, Administration.
- Preferred smart link configurations
  - Smart links are clever little links that direct users to their federated applications via our SSO service first. They can be embedded in portals, desktop shortcuts, browser favorites, etc., and give you a great way of providing your users with simple, seamless "pre-authenticated" access to your applications.
  - If you do want any smart links, you will need to apply group policies to your network.
  - You may also want to CNAME the smart links so they come from your own domain, e.g. email.yourdomain.com
- Preferred de-provisioning rules
  - This covers how you want IAM Cloud to handle users that you delete from your Active Directory.
  - We can delete users from our systems, immediately freeing up the license and deleting all their Office 365 files and emails, OR we can leave the user on our system but deactivate them (those users will not be able to log in). Deactivating will preserve their Office 365 files and emails until the object is deleted from our systems, but can also cause issues with new accounts that have the same unique information as the deactivated user (like an email address).
- Licensing requirements
  - You can handle all licensing, OR we can apply a default license for new users, allowing you to make any changes you wish, OR we can apply a license and overwrite any changes made on your end.
- Preference of syncing contacts, security groups, and distribution groups
  - If you would like to sync any of the above, we will need the OU location of each of these (or whichever you would like to sync).
- List of any SAML applications you would like to federate
  - IAM Cloud can also authenticate to most SAML applications. If you need one federated to our platform, please let us know and we can configure it for you.
- Supply test account - username and password
- List of users who you would like access to the IAM Cloud Portal (Admin Access)
  - Admins will only receive their logins after they attend the final call portal demo.
- List of users who will create support tickets
If you need any assistance, please do not hesitate to contact us: email@example.com