Application SSO (Single Sign On) Request
Request SSO Authentication for a New Hosted Application:
Anyone wishing to have an application added to the Southern Connecticut State University (SCSU) MyApps Access Panel, and/or an application requiring new Single Sign On configuration, must submit the Application SSO Request Form below to helpdesk@southernct.edu no later than 90 days prior to the anticipated publish date of the application. Approval of an application for inclusion in login.southernct.edu and/or federation with SCSU does NOT constitute official approval by the BOR or SCSU IT.
SSO allows an application to authenticate with SCSU Microsoft 365 accounts using the SAML or OAuth protocols, and requires additional coordination and configuration to complete.
Fillable SSO Integration Request: PDF
All Single Sign On applications must go through an approval process:
- All application SSO requests must have divisional approval prior to this form being submitted.
- All applications must have an associated primary and backup functional owner. The functional owner is responsible for all facets of the application, including SAML x509 certificate renewals, vendor management, product support, etc.
- All applications set up for SAML SSO that have expired IdP SAML certificates will have a new IdP SAML certificate generated and activated on the day of expiration. To avoid an interruption in SSO, the functional owner MUST work with their vendor prior to this date.
- Applications utilizing OAuth will be further evaluated to ensure and maintain best security practices.
- No application may contain third-party advertising.
- No application will be allowed to distribute Southern Connecticut State University data to any additional third party.
- Southern Connecticut State University retains ownership of all data.
- If this application will require an export file or data feed from our Banner system, a separate JIRA ticket must be entered and completed prior to submitting this form.
- This application will only be presented with directory information. For more information on what is designated as directory information, see FERPA.
Renewal of x509 Azure Identity Provider SAML Certificates:
All Single Sign On SAML applications have an associated Identity Provider (IdP) x509 SAML certificate configured that expires every three years. As such, all Single Sign On SAML applications must be renewed at least every three years. Failure to do so will result in your application no longer being functional for user authentication.
Applications that have been set up for SAML SSO with our SCSU Azure Identity Provider have been streamlined so that functional owners can now renew the associated IdP x509 SAML certificate for their respective applications.
If you are a functional owner of an application that has been configured for SAML SSO, you will receive a notification from our SCSU Microsoft Azure Identity Provider when your IdP x509 SAML certificate is about to expire, via an email from “Microsoft Security” with an email address of “MSSecurity-noreply@microsoft.com”. The following is an example of what this will look like:
(Image of renew your application certificate action)
The first notification from Microsoft will be emailed to you 59 days prior to the certificate’s expiration date.
As functional owner, your next step is to make sure you are familiar with your application’s recommended process for renewing the associated Identity Provider (IdP) x509 SAML certificate, and to work with your vendor to update this certificate prior to the expiration date.
These are some common questions to ask your service provider/vendor:
- What is their exact process for updating IdP SAML certificates?
- Are they using the live IdP Azure metadata URL?
- Do IdP SAML certificates need to be uploaded manually?
- Do they support having multiple active IdP SAML certs at the same time?
Once you are familiar with your application vendor’s IdP SAML certificate renewal practice, you can follow Microsoft’s “Recommended action” to renew the certificate, as described in the email you received from Microsoft and shown in the screenshot example above.
Please NOTE: Any IdP SAML certificate that is still the active certificate on its expiration date will be automatically rolled over to a new active SAML certificate on that date.
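A check a functional owner can run alongside the vendor questions above, as an added example (not SCSU's or Microsoft's code): it lists the signing certificates in an IdP SAML metadata document and reports whether the certificate the vendor has configured is among them. The metadata, the certificate bytes and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

# Constructed stand-ins for DER certificate bytes (not real certificates).
OLD_CERT = b64(b"constructed-old-idp-signing-cert")
NEW_CERT = b64(b"constructed-new-idp-signing-cert")

# Constructed IdP metadata that publishes two signing certificates.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{OLD_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{NEW_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def thumbprint(cert_b64: str) -> str:
    """SHA-256 over the decoded certificate bytes, as uppercase hex."""
    der = base64.b64decode("".join(cert_b64.split()))  # tolerate line wraps
    return hashlib.sha256(der).hexdigest().upper()

def idp_signing_thumbprints(metadata_xml: str) -> list[str]:
    """Thumbprints of every signing certificate the IdP metadata publishes."""
    root = ET.fromstring(metadata_xml)
    out = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no "use" covers signing
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            out.append(thumbprint(cert.text or ""))
    return out

def pinned_cert_status(metadata_xml: str, vendor_cert_b64: str) -> str:
    """'match' if the vendor's configured certificate is still published."""
    return "match" if thumbprint(vendor_cert_b64) in idp_signing_thumbprints(metadata_xml) else "mismatch"

if __name__ == "__main__":
    print(pinned_cert_status(SAMPLE_METADATA, OLD_CERT))
```

A "mismatch" result means the vendor is holding a certificate the IdP no longer publishes, which is the condition that interrupts SSO after a rollover.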
If you run into any problems or need additional guidance, please submit a helpdesk ticket via: https://helpdesk.southernct.edu