Timber Single Sign-On (SSO) Integration
Every campus has a portal where Students and Faculty log in to view their resources, schedules, news, etc. With the addition of a new module, your Timber website will integrate with your Campus Network.
No matter what device they use (or where they are physically located), when Students and Faculty are signed in to your Campus Network, they will also be signed in to your Timber website.
How does the SSO Integration make your job easier?
- Provides a seamless experience for students, as the bookstore’s website becomes “just another Campus resource”.
- Eliminates customer confusion about usernames/passwords (which are no longer needed)
- Eliminates Textbook Fraud
- The Student email address and ID are auto-filled on the Checkout page
- The previous order history will be preserved with their existing Bookstore/Timber account
Customers without a Campus login (parents/alumni/fans) can still use the site as they currently do.
For Bookstores that process Faculty/Department orders, your website will recognize Faculty too! Their orders can be processed as reservations, rather than forcing them to make a credit-card or FA payment.
What are the costs?
- There is a one-time installation fee of $950. We based this on an average setup time of about eight hours.
- There is a $15 monthly cost, as the app requires us to set up (and maintain) a separate server to support your site’s SSO login requests.
Protocols
With our Single Sign-On implementations, we use Security Assertion Markup Language (SAML), which is widely used in SSO. SAML exchanges authorization and authentication data in XML. The primary parties in this exchange are the user attempting to sign in, the identity provider (your organization), and the service provider (Herkimer).
The user story is as follows:
- The user attempts to log in to the Timber platform.
- The service provider reaches out to the identity provider to verify whether the user should have access to the platform.
- The identity provider then verifies the user's identity. If the user's information is correct, the identity provider sends data back to the service provider stating that the user can access the platform they have requested.
Implementation
Integrating SSO with Timber is pretty easy, considering we only need a couple of attributes to work with our system. Since we use SAML, we request that you build out a SAML XML metadata document that contains attributes regarding your user. The attributes we care about the most are the user's email address, which is used for account generation (and for account merging if an account already exists for that email), and the student ID. The student ID is used to populate the checkout page, since it is usually required by most bookstores when certain products are in the cart or when the student wants to use Financial Aid to make purchases on the bookstore website.
The student ID is also used for our Virtual Shelf integration, which can pull the student's course data and adopted textbooks over to their user account on the bookstore website. Virtual Shelf is a different feature, but it is dependent on SSO and the student ID.
To reiterate, the attributes we need in the SAML assertion data are:
- The email address attribute, which contains the user's email
- The attribute which contains the student ID
Once we have the identity provider's metadata, we add it to our service provider, make some configuration adjustments to our system, and then generate our updated metadata. We will send this to your team in XML format, and we would need you to add it to your identity provider. Once we have exchanged metadata between the identity provider and the service provider, we can begin the handshake where the systems can communicate.
At this point we usually request a test account to verify that the attributes are coming over correctly, that users can get authenticated, and that accounts are being generated with the correct permissions. If a test account can't be generated, we would need to connect with your team to go back and forth with an account.
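An identity provider team can check a decoded test assertion for the two required attributes before handing over the test account. The following is an added example, not Timber's or Herkimer's own code; the attribute names (`mail`, its OID form, and the hypothetical `studentId`) and the sample assertion are assumptions, since the page does not name them.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed attribute names (the page does not name them); use whatever names
# were agreed on during the metadata exchange.
REQUIRED = {
    "email": ("mail", "urn:oid:0.9.2342.19200300.100.1.3"),
    "student_id": ("studentId",),  # hypothetical name
}

# Constructed sample: the student ID attribute is present but empty.
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="studentId">
      <saml:AttributeValue> </saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_attributes(assertion_xml):
    """Map each Attribute Name to its non-empty, stripped values."""
    found = {}
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return found

def check_required(assertion_xml):
    """Return (resolved, problems) for the email and student ID attributes."""
    # Pre-flight check on a decoded test assertion only: signature and
    # condition validation belong to the SAML library and are not done here.
    found = extract_attributes(assertion_xml)
    resolved, problems = {}, []
    for field, names in REQUIRED.items():
        values = {v for name in names for v in found.get(name, [])}
        if not values:
            problems.append(f"{field}: missing or empty")
        elif len(values) > 1:
            # Email is the account-merge key, so one login must map to one value.
            problems.append(f"{field}: multiple values {sorted(values)}")
        else:
            resolved[field] = values.pop()
    return resolved, problems
```

Calling `check_required(SAMPLE)` reports the empty student ID while still resolving the email, which is the kind of mismatch the test-account step is meant to catch.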
If you have any questions, please do not hesitate to ask.