These pages describes how to integrate SharePoint 2013 with Ubisecure SSO using the WS-Federation protocol. The knowledge of basic Ubisecure SSO management (e.g. creating agents and authorization policies) is necessary to perform the necessary configuration steps.

The result is a SharePoint 2013 environment, where the Ubisecure SSO handles user authentication. This enables the flexible use of strong authentication mechanisms not natively supported by SharePoint or ADFS 2.0. High-level access control and authorization policies are centrally managed through the Ubilogin Management application.

Related Pages

Use the following references to guide you to other topics related to the SharePoint Integration.

Page	DESCRIPTION
SSO Management	Describes main user tasks in the Ubilogin Management application of the Ubisecure SSO application.
Windows Authentication Provider	Describes how to install and configure Windows Authentication Provider, which enables local domain users to sign-in using Windows SSO
SSO Active Directory integration	Describes how to link Ubisecure SSO to an existing AD instance, enabling local domain users to sign-in using their Windows username and password, enables linking of third-party credentials to an AD account, use of SMS and OTP authentication methods.


Figure 1. SharePoint 2013 Integration architecture overview

Prerequisites

SharePoint 2013 is installed: SharePoint has been installed and you can access SharePoint Central Administration as Administrator. For instance, by following the guide: Test Lab Guide: Configure SharePoint Server 2013 as a Single Server with Microsoft SQL Server you can set up a simple SharePoint environment: https://technet.microsoft.com/en-us/library/cc262243.aspx

Ubisecure SSO is installed: Ubisecure SSO is installed and you can log in as Administrator. Test users have been created.

In this guide, it is assumed that both SharePoint and Ubisecure SSO are running in its own server. Other configurations are technically possible (subject to standard hardware and software limitations), but have not been explicitly tested.

Terminology

Some terms are called by different names in the SharePoint environment. Here is a summary of the exchangeable terms.

Microsoft	SAML2 / Ubisecure SSO
Claim	Assertion Attribute
Claims Provider	Identity Provider
Claim Rule	Authorization Policy / Authorization Policy Attribute
Relying Party	Service Provider

Authentication process

In the authentication process, Ubisecure SSO provides the identity to SharePoint in the form of claims. The identity protocol used between Ubisecure SSO and SharePoint is WS-Federation.
From the SharePoint's point of view, Ubisecure SSO acts as an identity provider (claim provider) and from Ubisecure SSO's point of view, SharePoint acts as a service provider (relying party).
This document does not cover the installation of Windows Authentication Provider and configuration of required user account mappings. These tasks are documented in the Ubisecure Windows Authentication Provider guide and Ubisecure Active Directory Integration guide.

Browser not supported