Enboard SSO Integration App Installation

Guide Overview

The Enboard SSO Integration App allows administrators to facilitate logins through Enboard single sign-on in Incident IQ. It also allows districts to automatically populate and update user data in iiQ based on information from their local Active Directory server.

This guide provides step-by-step instructions for installing the Enboard SSO Integration app, establishing a link with Enboard for SSO functionality, and setting up a nightly task to sync user data with Incident IQ.

Guide Index

Use the links below to quickly navigate to a specific section in this document. To return to this index, use the Return to Index link located at the end of any section.

  1. Creating an Active Directory User
  2. App Installation
  3. App Configuration
  4. Establishing the IDP/ISP Connection with Enboard
  5. Creating a Scheduled Sync Task

 

Creating an Active Directory User

Before beginning the installation process you will need to ensure you have the following:

  • An Active Directory vendor account that has the following permissions:
    • Replicating directory changes.
    • Replicating directory changes in filtered set.
    • Replicating directory changes all.
    • Read.
  • A machine that runs .NET Framework v.4.5.1 or higher and also has network access to reach your district's AD server.

Important Note: You will need to complete this step before proceeding. If you are unfamiliar with how to grant these specific permissions to a user, please refer to the Microsoft help guide on Giving Users Replicating Directory Changes Permissions.

[Return to Index]

 

App Installation

To install the Enboard SSO integration app, begin by selecting Incident IQ Apps > Browse on the left navigation bar. Scroll down to the Single Sign-On section and click on the Enboard SSO app.

On the Enboard SSO app page click on Install.

Once the installation has been completed, click on Manage App Settings and continue to the next section to configure your Enboard SSO installation.

[Return to Index]

 

App Configuration

On the Overview tab, check the two options Enable User Login and Enable User Sync, then click Save. You will need to do this before doing anything else.

Next, click on the Sync Executable tab. 

This page will assist you in setting up your connector app configuration file. At the very least, you will need to provide the following information:

  • AD Username (You will want to use the service account created in [section 1] of this document)
  • AD Password
  • AD Domain (Example: district.k12.tx.us)
  • AD Server IP (Example: 12.3.4.56)

If desired, you may also set up OU exclusions to prevent account information stored within select AD OUs from being brought over during system syncs. Please note that setting up filters is entirely optional and can be updated at any time.

You can also enable the sync to copy over additional AD attributes, such as Student/Employee ID and Grade, if those data points exist in AD. As with OU filters, this setting is entirely optional and can be updated at any time.

Once you have completed entering your configuration information, click on Download Executable to download the connector app. Please note, you will want to download this connector app to a device that has access to your AD server and also runs overnight.

After downloading the connector file, you will want to run a manual sync to test the connection as well as download user data to Incident IQ. To do this, run the IncidentIQ.Connectors.MicrosoftAd application (ignore the CONFIG file and PDB file in this case). In the connector app window that appears, click Run now.

If the app runs successfully, a data packet of user data will be sent to Incident IQ that can then be used to run a system sync.

[Return to Index]

 

Establishing the IDP/ISP Connection with Enboard

At this point, you will need to set up the SSO functionality of the Enboard SSO app. To do so, begin by going to the app Overview tab and clicking on the Download Service Provider Metadata button.

You can use this metadata to set up a vendor account inside of Enboard for Incident IQ. Once you have your Enboard account set up, you will need to copy the metadata link provided in Enboard and paste it into the URL field under the Identity Provider Settings tab within the Enboard SSO app in Incident IQ.

Further down in this tab, you will also need to map the SAML attributes needed for login (usually login_id, username, email, sAMAccountName, etc.).

After this tab has been configured, the Role mappings and Location mappings will need to be completed to map users to locations and roles within iiQ by OUs, groups, or any additional attribute that captures location or role for each user.

[Return to Index]

 

Creating a Scheduled Sync Task

To schedule the sync to occur automatically, you'll need to create a task in Windows Task Scheduler. You can open it by searching for Administrative Tools and selecting Task Scheduler. This will open the Task Scheduler window.

In the Task Scheduler window, start by clicking on Action > Create Basic Task...

This will open the Create Basic Task Wizard. At the very least, you will need to provide a name for the new task. You can also add a description if desired. Once complete, click Next.

In the next step, you will be asked to select when this task should Trigger. We recommend running it daily (overnight) for the most accurate user data. Please ensure you set the task to run regardless of whether a user is logged in or not on the server. Once complete, click Next.

For the next step, you will need to specify what action the task will take when running. Select Start a Program and then click on Next.

When specifying the action to perform, locate the file IncidentIQ.Connectors.MicrosoftAd.exe in the Program/script file browser. Supply the argument -usersync in the Add arguments field. Finally, enter the path you unzipped the files to in the Start in field. Once complete, click Next.

In the final step, you may review all of the settings of your task. Once you have completed your review, check the Open the Properties dialog for this task when I click Finish option and then click Finish.

In the sync properties window, you will need to check Run whether user is logged on or not as well as Run with highest privileges. Click OK to complete the sync setup.
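
The same task can be registered from an elevated PowerShell prompt. This is an added example, not part of the original Incident IQ guide; the install folder, task name and 2:00 AM start time are assumptions, and the run-as account is prompted for. Because the task runs with highest privileges, the script first reports broad write access on the folder it starts from.

```powershell
# Added example: scripted equivalent of the Task Scheduler steps above.
# Assumed values (not from the guide): install folder, task name, start time.
$InstallDir = 'C:\IncidentIQ\Connector'   # folder the connector files were unzipped to
$TaskName   = 'IncidentIQ AD User Sync'
$StartTime  = '2:00AM'
$Exe        = Join-Path $InstallDir 'IncidentIQ.Connectors.MicrosoftAd.exe'

if (-not (Test-Path -LiteralPath $Exe -PathType Leaf)) {
    throw "Connector executable not found: $Exe"
}

# The task runs with highest privileges, so anyone who can write to the
# install folder can change what it executes. Report broad write access.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$broad     = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$risky = (Get-Acl -LiteralPath $InstallDir).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad -contains $_.IdentityReference.Value -and
    ([int]$_.FileSystemRights -band [int]$writeMask) -ne 0
}
foreach ($ace in $risky) {
    Write-Warning "$($ace.IdentityReference) has $($ace.FileSystemRights) on $InstallDir"
}

# Start a Program: the connector with -usersync, started in the install folder.
$action  = New-ScheduledTaskAction -Execute $Exe -Argument '-usersync' -WorkingDirectory $InstallDir
$trigger = New-ScheduledTaskTrigger -Daily -At $StartTime
$cred    = Get-Credential -Message 'Account the sync task will run as'

# Supplying -User and -Password stores the credential with the task, which is
# what "Run whether user is logged on or not" does in the Properties dialog.
Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password `
    -RunLevel Highest | Out-Null

# Confirm the registered settings match the guide.
$task = Get-ScheduledTask -TaskName $TaskName
[pscustomobject]@{
    Task      = $task.TaskName
    RunLevel  = $task.Principal.RunLevel
    LogonType = $task.Principal.LogonType
    Arguments = $task.Actions[0].Arguments
    StartIn   = $task.Actions[0].WorkingDirectory
}
```

The group names in `$broad` are the English display names; on a localized Windows installation they will differ.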

[Return to Index]
