GLUU - User Provisioning: Difference between revisions

From NIEF Wiki
Jump to navigation Jump to search
(Created page with "This page discusses the process for provisioning new users, enabling users to be GLUU admins (and thus allowing them to add users), and the process for registering their mobil...")
 
 
(7 intermediate revisions by the same user not shown)
Line 4: Line 4:
Perhaps useful to bookmark: [https://fido-di3-idp.hamiltontn.gov/  https://fido-di3-idp.hamiltontn.gov/].
Perhaps useful to bookmark: [https://fido-di3-idp.hamiltontn.gov/  https://fido-di3-idp.hamiltontn.gov/].


[[File:GLUU - Admin Login - Registration.png|frameless|center]]
[[File:Gluu-fido-register.png|frame|center]]
 


Using the ThumbSignIn app on your mobile device login by scanning the QR code seen.  When logging into the admin panel with an existing credential you ignore the right half of the page about registering.  That part of the page will be used to register a new device.
Using the ThumbSignIn app on your mobile device login by scanning the QR code seen.  When logging into the admin panel with an existing credential you ignore the right half of the page about registering.  That part of the page will be used to register a new device.
== Adding User ==
Navigate to the '''Add person''' link under Users to add a new user as seen below:
[[File:GLUU - Add User.png|frame|center]]
* The ''Username'' must match the user's existing DI3 account name as attributes will be directly retrieved from the DI3 database.
* The ''Password'' will only be used once to bind the mobile device, it does not need to match the existing account.  It can be anything and is temporary.
* All other fields are irrelevant, but likely should be filled out correctly for the sake of clarity.
=== Making User an Admin ===
Following the ''Users -> Manage Groups'' link, and then select the ''Gluu Manager Group'' link.  You should see a page like this:
[[File:Making a User an Admin.png|frame|center]]
Click the Add member link and then use the search dialog to search for them by username.  Then you must click ''Ok'' and on the screen seen above hit ''Update''. If you don't hit both, the change will not be recorded.
== User Registering Mobile Device ==
[[File:Gluu-fido-register.png|frame|center]]
On this page, the user inputs the username and password specified during the provisioning process and clicks "Login".  This will display a QR code you can scan to register your phone, as seen below:
[[File:Gluu-fido-registration-qr.png|frame|center]]
After going through the prompts on the cellphone you will see a registered successfully message on screen:
[[File:Registered-successfully.png|frame|center]]
== Testing SAML Login ==
* Logging directly into the DI3 Secure Law Enforcement Portal: [https://secure.rid-meth.org/Shibboleth.sso/Login?entityID=https://fido-di3-idp.hamiltontn.gov/idp/shibboleth&target=https://secure.rid-meth.org/TMISHome/Home.aspx https://secure.rid-meth.org/Shibboleth.sso/Login?entityID=https://fido-di3-idp.hamiltontn.gov/idp/shibboleth&target=https://secure.rid-meth.org/TMISHome/Home.aspx]. 
* Logging and testing with the NIEF Testbed (to validate credentials): [https://testsp.nief.org/Shibboleth.sso/Login?entityID=https://fido-di3-idp.hamiltontn.gov/idp/shibboleth&target=https://testsp.nief.org/prot/ https://testsp.nief.org/Shibboleth.sso/Login?entityID=https://fido-di3-idp.hamiltontn.gov/idp/shibboleth&target=https://testsp.nief.org/prot/].
* Logging directly into RISS [https://adfs.riss.net/adfs/ls/?wtrealm=https%3a%2f%2fmain.riss.net%2f&wa=wsignin1.0&RedirectToIdentityProvider=https%3a%2f%2ffido-di3-idp.hamiltontn.gov%2fidp%2fshibboleth https://adfs.riss.net/adfs/ls/?wtrealm=https%3a%2f%2fmain.riss.net%2f&wa=wsignin1.0&RedirectToIdentityProvider=https%3a%2f%2ffido-di3-idp.hamiltontn.gov%2fidp%2fshibboleth].

Latest revision as of 19:13, 15 July 2019

This page discusses the process for provisioning new users, enabling users to be GLUU admins (and thus allowing them to add users), and the process for registering their mobile device with their GLUU account.

GLUU Login

Perhaps useful to bookmark: https://fido-di3-idp.hamiltontn.gov/.

Gluu-fido-register.png


Using the ThumbSignIn app on your mobile device login by scanning the QR code seen. When logging into the admin panel with an existing credential you ignore the right half of the page about registering. That part of the page will be used to register a new device.

Adding User

Navigate to the Add person link under Users to add a new user as seen below:

GLUU - Add User.png
  • The Username must match the user's existing DI3 account name as attributes will be directly retrieved from the DI3 database.
  • The Password will only be used once to bind the mobile device, it does not need to match the existing account. It can be anything and is temporary.
  • All other fields are irrelevant, but likely should be filled out correctly for the sake of clarity.

Making User an Admin

Following the Users -> Manage Groups link, and then select the Gluu Manager Group link. You should see a page like this:

Making a User an Admin.png

Click the Add member link and then use the search dialog to search for them by username. Then you must click Ok and on the screen seen above hit Update. If you don't hit both, the change will not be recorded.

User Registering Mobile Device

Gluu-fido-register.png

On this page, the user inputs the username and password specified during the provisioning process and clicks "Login". This will display a QR code you can scan to register your phone, as seen below:

Gluu-fido-registration-qr.png

After going through the prompts on the cellphone you will see a registered successfully message on screen:

Registered-successfully.png

Testing SAML Login