To begin, a department should put in a UGA SSO Integration. The request should include your completed project plan and test plan.
The request is sent to InfoSec for review, and then to IDM for the development work.
Once the application has moved through development, the application owner must verify it works in development and sign off on the application. This process is also repeated for stage and production environments.
You can find more information about the steps for transitioning applications in the UGA SSO Project Plan Template.
EITS must ensure all applications using UGA SSO have been security tested. Therefore, wildcards are discouraged. In times of great need, IDM and InfoSec can work with departments. Each case will be reviewed based on the need for security testing and application identification clarity.
EITS does not test applications in production. Departments should have development and test environments for testing future patches and releases. Applications with only one environment may need to schedule time to point to test and stage for departmental application sign-off.
When you sign off on the workflow for development, stage, and production, you are verifying that the application is working as expected with your test plans. Having the application owner sign off is critical to move forward in the workflow path for the UGA SSO migration. Please make sure you sign off promptly when it is working in the environment to keep the workflow moving.
We are moving from five authentication services to one, UGA SSO. This also means all applications at UGA share UGA SSO. We know that many systems are very important to departments and the university. To be mindful of the various needs of availability, 11 p.m. on Friday was the least impactful time for maintenances. We work to ensure SSO updates are low impact. Some applications may not see any disruptions at all.
Application owners should include the hosted environment’s contact information in their project plan. Hosted applications follow the same process for migration – the application will need to tested in dev, stage and prod, and the application owner must sign off on each step.
The process for moving to UGA SSO is the same for a new or existing application.
Using authentication services is a very common industry standard for applications. EITS does not have a list of all applications that can use our identity providers.
The SSO servers available are ugasso.uga.edu, ugasso.dev.uga.edu, and ugasso.stage.uga.edu.
Dev uses Dev AD. Please put in a request for test accounts. EITS can make those accounts look like production accounts if needed. Stage uses production AD, so it will mimic production.
UGA SSO pulls AD attributes. UGA SSO is an authentication service and not configured as an authorization service. AD attributes can be sent to applications for authorization.
Security reviews will vary based on the application and environment. Application owners can communicate to Infosec about their review via the comments in the tickets.
Most maintenance windows will not see a large disruption and most apps should remain working.
Application owners can put in as many dev instances as needed.