GoFAST: Administration

Introduction

This section of the documentation is intended for users with at least one of the following profiles:
  • Super-Administrator

  • User-Support

GoFAST makes it possible to distinguish the concept of “Profiles” that give various permissions on the platform, from the concept of “Roles” in the Collaborative Spaces. Be careful to distinguish between these two different concepts:
  • Profiles give various administrative permissions on the platform. These profiles are independent of the roles that a user may have within the Collaborative Spaces. Please refer to the “Available profiles” section of this documentation.

  • Roles in Collaborative Spaces: Administrator, Contributor, Read Only. A user can have one of these 3 roles in each Space he is a member of. He may very well have the role of administrator in one space, as well as being read-only or contributor in other Spaces. For roles related to Collaborative Spaces and their administration, please refer to the section “Collaborative Spaces Management”.

Available profiles

To find out which profiles are assigned to you or what roles you have in the Spaces where you are a member, you can go to your user profile page, using your photo in the top right corner of the Quick Access Bar.

The 3 main profiles

  • Standard: no permission to administer the platform (this is the most popular profile among users).

  • User support: allows you to have a global view of the Spaces tree even if you are not a member of these spaces (without having access to the contents of these spaces) and of existing user accounts. This profile makes it possible to support other users in the management of the spaces (e.g. pre-adding members), to help with the management and promotion of good practices.

  • Super-administrator: this is a technical profile that allows you to implement the various configurations of the platform (e.g. coupling with your internal directory, with your mail server…). This profile does not allow you to see the tree of Spaces or existing accounts (except for Spaces where this super-admin user is a member).

Note

By default, no “Profile” gives access to the Collaborative Spaces or their contents. These are managed independently, through the concept of member and role in a space. The aim here is to guarantee confidentiality by preventing a technical or support user from having access to any data managed on the platform, without having been expressly added by a business manager as a member of a space.

Note

A user with the “standard” profile cannot be “Support-Users” or “Super-Administrator”. It is possible to combine the “Support-User” and “Super-Administrator” profiles (practical in small structures/companies).

Other profiles available

  • External: intended to identify users external to the entity (company/organisation), such as partners, service providers, customers, suppliers, etc. External users do not have access to the “Public” areas, which are reserved only for internal employees/agents.

Note

The external profile cannot be Support-Users or Super-Administrator.

For external user access, please refer to the “GoFAST Administration / User Support / Configuration External user access” section.

  • Broadcaster: allows you to share documents in collaborative spaces without being a member, or the personal spaces of other users. Warning: this profile does not allow you to see the contents (no folders or files) in these spaces, but only to deposit them.

Note

This profile can be combined with other profiles.

  • Restrictions on comments and annotations: a user with this profile can only make private comments and annotations. He will then be the only one who can consult them and will not be able to share them with other users (these are comments and annotations made on documents/contents).

Note

This profile can be combined with the standard profile.

Table of permissions by profile

In the process of updating

Note

For roles related to Collaborative Spaces and their administration, please refer to the section “Collaborative Spaces Management”.

“User-Support” Profile

The purpose of the “User-Support” profile is to support users, in particular those with the role of administrator of spaces, in the management of members and to ensure the consistency of the tree structure of the spaces.

Note

Under no circumstances does the “support-user” profile replace the administrators of the collaborative spaces, who must be business managers (e.g. heads of departments/directorates, team/project managers, etc.). However, he or she may be an administrator in Spaces of which he or she is a member.

Configuration Validation creation users

It’s possible to activate an option in “Configuration” and then “Users”. This option allows when a business/space administrator creates a new user, to submit it for validation by a support-user profile before it is created.

Once the business/space administrator has created the new user, the support-user profile receives a notification and can validate or deny the activation of a user profile from the profile page or from the directory (this action can be done in bulk).

A user awaiting validation appears as “Pending” in the directory.

Configuration External user access

In “GoFAST Configuration” and then “Space”, you will find the possibility to limit the addition of external users in certain spaces.

Disable adding external users to groups
  • When this option is enabled, an external user cannot be added to the “Groups” space type.

  • When this option is disabled, a warning message is displayed when you are going to add an external user to the “Groups” space type.

Disable adding external users to organizations
  • When this option is enabled, an external user cannot be added to the “Organizations” space type.

  • When this option is disabled, a warning message is displayed when you are going to add an external user to the “Organizations” space type.

Visibility on Spaces

The user support has visibility of all existing Collaborative Spaces through the directory of spaces and the search engine:
  • If he or she is not a member, he or she will not be able to access the contents of the Spaces (either files or folders).

  • If a member of a space, he or she can access it and these permissions depend on the “role” he or she has in that Space.

Note

For more information, please refer to the section: “Permissions table by profile”.

Visibility on Users

The user support has visibility of all existing users through the directory of lists and users, as well as the search engine :
  • User-Support can see unit user accounts and to some extent manage them.

  • User-Support can see all User Lists, but does not have the ability to manage them if it is not the creator or designated administrator of these lists.

Note

For more information, please refer to the section: “Permissions table by profile”.

Other Visibilities / Permissions

The other elements that the “user-support” profile allows you to view and manage are:
  • Configuring the visibility of spaces and between users

  • Configuring Document Categories

  • Configuring Administrative Utility Times by Document Category

  • Configuring the Custom Link

  • The database of “Contacts” non-users (via the menu “Directories / Contacts”)

  • Audit

  • Statistics

Configuration : partitioning of Users and Spaces

This configuration allows you to define the level of visibility or partitioning of users between them and on spaces. Two options available:
  • Visibility of Collaborative Spaces: This is to open or restrict the fact that a user can see spaces of which he is not a member.

  • Visibility between users: This is about opening or restricting the fact that a user can see other users with whom he or she does not share any space.

Note

Only the “User-Support” profile can manage Visibility Partitioning.

Note

Partitioning only applies to users who do not have any Collaborative Space in common. If two users are members of the same space, they will still be able to see each other.

Visibility among users

This is to allow users to see each other in the user directory or through the search engine, and to view their profile.

Visibility or partitioning can be defined according to the “profile” of users:
  • Users with the “External” profile may or may not see each other.

  • All users regardless of their “profile” may or may not see each other.

Note

The partitioning between external users prevents partners and providers from seeing each other, unless they are members of the same space (from level 2 of the extranet space tree).

Visibility of Collaborative Spaces

It is about allowing users to see or not the different Collaborative Spaces of which they are not members.

It’s possible to define visibility or partitioning according to the “profile” of users:
  • Users with the “External” profile may or may not, see all the Collaborative Spaces (in the Spaces directory or through the search engine).


Note

This partitioning prevents users from seeing the existence of Spaces of which they are not members. However, even if there is no visibility partition, in the file explorer or the Spaces quick access menu (top bar), you can only see the Spaces of which you are a member.

Note

For users with the “External” profile, this prevents partners and providers from accessing the internal Spaces tree (e. g. Organizations and Groups), as well as Spaces intended for other partners or providers. This is important if there are Extranet Spaces dedicated to competing providers or partners.

Visibility of users Disabled

For reasons of traceability (audit and security), users who have left the entity (company/organisation) will be disabled on the platform and not permanently deleted.

Note

Be careful to distinguish between “Disabled” users (voluntarily) and “Blocked” users (those who have tried to log in with a wrong password more than 5 times, and who need to be unlocked by a “User-support” or a “super administrator”).

Disabled user profiles are inaccessible and anonymized to standard users. Only administrators of the platform (user-support profile) can retrieve them and reactivate them if necessary.

Note

Disabled users are visible to the “user-support” in the user directory, in all the areas where they were members, as well as through the search engine.

Disable/Unblock a user: To disable or unblock a user and thus block or authorize their access to the platform:

  • Go to the User Directory and find it through the sorting and filters available.

  • OR Search the user via the search engine (search by name, first name or username).

Then…
  • Click on the menu “Burger” (contextual actions) from the directory or search.

  • OR Go to his profile and click on the menu “Burger”.

  • Via the “Burger” menu, click on “Disable” or “Unblock” and then on “Confirm”.


Note

There is a difference between “Inactive” users and “Disabled” users. Inactive users are not blocked, they are users who rarely log in to the platform.

Configuration: Categories

“Categories” are metadata that a user can apply to documents they have access to. This is the type of document, e. g. mail, invoice, report, contract, etc.

Note

Only the “user-support” profile can manage categories.

Create/Modify a Category

GoFAST offers a standard list of “Categories” applicable to documents. However, it is possible to add custom categories, with the associated translations. To add new categories of records:

  • Through the main menu on the left, go to “Settings”

  • On the configuration page, go to the “Categories” menu

  • Click “Add new category” or one of the existing categories from the drop-down list.

  • If you want to create a new category, fill in the fields in “Add New Category” by entering the name of your category (e. g. Quotation) in the available languages.

  • If you want to edit a category, change the text in the “Edit XXXX” fields (instead of XXXX you will have the name of the category you want to edit) into the available languages.

  • Click “Save” at the bottom of the page to validate.

Filter categories by Collaborative Spaces

Filtering categories by Space allows you to limit the list of these categories available on documents. Thus, depending on where a document is shared, some categories may be proposed and others may not. For example, the “CV” category could only be proposed for documents classified in the HRD space. To filter document categories by Space:
  • Through the main menu on the left, go to “Configuration”

  • On the configuration page, go to the “Categories” menu

  • In the “Filter Categories by Collaborative Space(s)” area, click to expand either “Standard Categories” or “Custom Categories”.

  • In the field of the desired category, start typing the name of the space where you want to allow this category and you will have suggestions, click on it to select.

  • Click “Save” at the bottom of the page to validate.

Note

Leave blank to allow the category in all spaces.

Configuration: DUA (Duration of Administrative Utility)

A “Duration of Administrative Utility” allows documents to be prepared for archiving. It is a question of defining a timeline (in days, months, years) that will be triggered from the moment the document is in “pre-archived” state and will depend on the duration defined for the category associated with the document. At the end of this period, an alert is sent to users identified as “Archivists” to either “Archive”, “Sort” or “Destroy” the document.

Note

Only the “support-user” profile can handle DUAs.

Where to manage DUAs:

  • From the main menu on the left, go to “Configuration”.

Two sections are available:
  • List of recipients of the notification email: in this section you can add users who wish to be notified at the end of the DUA.

  • List of existing DUAs: In this section, you will find the table of Document Categories with a DUA, with the defined duration and expected fate of documents due.

Create or modify a DUA

To create a new DUA:
  • Click on the “+ Create” button.

  • A new section appears “Add / Edit existing DUAs”.

  • Fill in the available fields of the form.

Fields to fill in to create a DUA:
  • Category: to be selected from the drop-down list.

  • DUA: unit (digit) to enter.

  • Unit: to be entered if it is Day, Month, Year.

  • Action (final result): Archive, Sort, Destroy to select from the drop-down list.

Click “Save” to validate.

You can also modify an existing DUA:
  • In the list of DUA, choose the one you want to modify

  • Click on the edit icon.

  • You can then change the fields : DUA, Unit and Action.

Click “Save” to validate.


Note

To delete a DUA, simply leave the DUA (Administrative Duration) field empty and then Save.

Statistics

The Statistics view allows you to view various information about the activity on the platform. The information is rendered graphically, over a selected period of time. The Statistics view is divided into 3 parts:

  • User statistics

  • Documentary statistics

  • Spatial statistics

It is also possible to export the data.

Access to Statistics

From the main menu on the left, go to “Statistics”.


Note

Only users with the “User-support” profile are entitled to access the global statistics of the platform. However, the various administrators of the spaces can also access them, but the statistics displayed will be limited to the spaces that these users administer.

Three sub-tabs are available:
  1. Tab “User statistics” allows you to view the number of users, information about active and inactive members, new members and connected members.

  2. Tab “Document statistics” allows you to view the number of documents and information related to documents by category, status and importance.

  3. Tab “Spaces statistics” allows you to visualize the number of spaces and information about the spaces, their evolution by period, the most active, the most populated and the most filled.

Export Data

The export will be in spreadsheet format (XLSX).

Export users: In the tab User statistics it’s possible to export all existing users, with their :

  • unique registration number (ID given automatically when creating a user)

  • their user ID (used to log in)

  • email

  • First name

  • Name

  • Date of registration (date of account creation)

  • Date of last connection

  • Status (1 if active = already connected and 0 if not active)

  • Column “super administrator” (indicating “TRUE” if has profile OR “FALSE” if does not)

  • Column “User-support” (indicating “TRUE” if has profile OR “FALSE” if does not)

  • Column “Space Admin” (indicating “TRUE” if administrator of at least one collaborative space OR “FALSE” if administrator of no space)

  • Column “Broadcaster” (indicating “TRUE” if profile or “FALSE” if not)

  • Column “External” (indicating “TRUE” if it has profile OR “FALSE” if it does not)
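
The profile columns of this export can be checked against the profile rules stated in “Available profiles”. The following Python script is an added example, not part of GoFAST: it assumes the XLSX export has been saved as CSV, the header names are assumptions to adapt to your file, and the sample rows are constructed.

```python
import csv
import io

# Assumed header names for the user export saved as CSV; adjust them to the
# headers of your actual export file.
COL_LOGIN = "User ID"
COL_STATUS = "Status"
COL_SUPER = "super administrator"
COL_SUPPORT = "User-support"
COL_EXTERNAL = "External"

# Constructed sample rows, not real data.
SAMPLE_EXPORT = """\
User ID,Status,super administrator,User-support,Space Admin,Broadcaster,External
alice,1,FALSE,FALSE,TRUE,FALSE,FALSE
bob,1,TRUE,TRUE,FALSE,FALSE,FALSE
carol,1,FALSE,TRUE,FALSE,FALSE,TRUE
dave,0,TRUE,FALSE,FALSE,FALSE,FALSE
erin,1,FALSE,FALSE,FALSE,TRUE,TRUE
"""

EXTERNAL_ADMIN = "external account holds an administrative profile"
COMBINED_ADMIN = "combines Super-Administrator and User-support"
UNUSED_ADMIN = "administrative profile on an account with status 0 (not active)"


def _flag(row, column):
    """Return True when the export cell holds TRUE (case-insensitive)."""
    return (row.get(column) or "").strip().upper() == "TRUE"


def review_export(csv_text):
    """Return a list of (login, finding) tuples for accounts needing review."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = (row.get(COL_LOGIN) or "").strip()
        is_super = _flag(row, COL_SUPER)
        is_support = _flag(row, COL_SUPPORT)
        is_external = _flag(row, COL_EXTERNAL)
        not_active = (row.get(COL_STATUS) or "").strip() == "0"

        # Documented rule: the External profile cannot be combined with
        # User-support or Super-Administrator.
        if is_external and (is_super or is_support):
            findings.append((login, EXTERNAL_ADMIN))
        # Allowed combination (small structures), listed so that it is a
        # deliberate choice rather than an accident.
        if is_super and is_support:
            findings.append((login, COMBINED_ADMIN))
        # Administrative profile granted to an account the export marks as
        # not active (status 0).
        if (is_super or is_support) and not_active:
            findings.append((login, UNUSED_ADMIN))
    return findings


if __name__ == "__main__":
    for login, finding in review_export(SAMPLE_EXPORT):
        print(f"{login}: {finding}")
```
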


Export a list of documents: In the tab Document statistics it’s possible to export all existing files in one or more spaces, with their:

  • “node” (the automatic reference number assigned to the creation of the document and present in the URL of the document page).

  • Title (of the document)

  • Link (to document page)

  • Path (the location of the document)

  • Current version (the current version number of the document)

  • Popularity (automatically calculated according to activity on the document)

  • View counter (number of times the document was viewed in a given period)

  • Category (of document)

  • Date of creation (of document)

  • Created by (user who submitted/created the document on the platform)

  • Date of amendment (last date the document was amended/edited)

Note

To export a list of documents, you need to select at least one space.

Note

It’s possible to select the information of your choice for the list of documents, by selecting one or more data from among those available (check the box).

Export of the list of spaces:

In the tab Spaces statistics it’s possible to export all the existing spaces, with their :
  • “ID” (the automatic reference number, assigned to the creation of the space and present in the URL of the space page).

  • Title (from space)

  • Type (Organization, Group, Public, Extranet)

  • Path (the location of space)

  • Administrators (users with the administrator role in the space)

  • Contributors (users with the contributing role in space)

  • Read-only (users with read-only role in space)

In the tab Spaces Statistics, click on the button with the Excel icon.

A small window opens and informs you that your export is being generated. As soon as the download is started, the window will close automatically.

Audit

The “Audit” view lists and timestamps the “events” (actions) performed, including:
  • Node creation (creation of a document/content or space)

  • Connections (from a user)

  • Consultation of the document

  • Consultation of documents/content

  • Updating of documents/content

  • Updating locations

  • Removal of space

  • Archived space

  • Unarchived space

  • Sharing by email (of a download link)

  • Downloaded link sharing

  • Adding a member (in a space)

  • Deletion of member (from a space)

  • Create User

  • Delete a user (if he has never logged in)

  • etc.

Go to Audit:

Note

This feature is only available to users with the “User-support” profile.

The full audit is accessible via the main menu on the left, by clicking on “Audit”. From this Audit page you can:
  • Use the available filters to find a particular action or content.

  • Export the audit, within the limit of 50,000 results.

Note

For example, to be able to restore a document: filter by event type “delete node”, then specify a period to further narrow the list. Once your action is found, click on the document/content concerned to go to its page and restore it.

The specific audit on a document is available on the document page: You can see the most recent events performed on that document, the date and time of the actions, and the users who performed the action.


Configuration: Custom Link

In the process of updating

Configuration: Import users from LDAP/AD

In the process of updating

Create / Manage user(s)

Note

The “User-support” profile can create user accounts. However, it can only pre-add them to the Collaborative Spaces because the administrators of these Spaces will have to validate access for these new members.

Create a user and give them access to the Collaborative Spaces

To find out how to create a user, please refer to the “Create a user” section. To find out how to add a user or a list of users as a member of a space, please refer to the “Add a member to a space” section.

Disable / activate (unblock) a user

The 3 possible statuses for a user:
  • “Disabled” means a user who has been voluntarily disabled, e. g. if he or she has left the organisation/company.

  • “Blocked” refers to a user who has made too many failed login attempts and for security reasons their account has been automatically blocked.

  • “Activated” means a user who has an account and who can access the Platform on the condition of logging in with their username and password.

Change the user status:
  • From a user’s profile page :

Go to a user’s page, either through a keyword search (e. g. enter a user’s name and click on the search result of the “profile” type), or via the user directories menu. Once on a user’s profile page, click on the “burger” menu (= “contextual actions menu”), then on “Reactivate user” or “Disable this user” or “Unblock this user”. The text displayed in this button depends on the status of the user.

  • From the user directory page (modify individually or in bulk) :

Go to the user directory page from the main menu on the left “Directories/Users”. Once in the directory, you have the option to sort and filter users (for more information on filtering and sorting, please refer to the “User Directory” section). You can change the status of a single user: click on the menu “burger”, then on “Reactivate user” or “Disable this user” or “Unblock this user”. The text displayed in this button depends on the status of the user. You can change the status of several users at once: in the left column you have checkboxes. Select the users you want to edit, then click on the “burger” menu at the top (directory header, other menus being greyed out) and click on “Reactivate these users” or “Disable these users” or “Unblock these users”.

Modify a user’s information

In order to change the information related to a user, go to :
  • The user’s profile page (from search or directory)

  • The page of the user directory

Create/Manage User Lists

List Visibility: Users with the “User-support” profile can see all existing lists (even if not a member), either through the List Directory or through the search engine. They can then see the list members and their administrators.

Actions from lists: Users with the “User-support” profile can only pre-add a list as a member of a space. They do not have the ability to manage the list itself, unless they are explicitly the administrator (or creator) of the list. To be able to perform the actions allowed on the lists, you have to go to the List Directory or to the page of a list (e.g. from the search engine).

Create / Manage Spaces

Users with the “User-support” profile have the possibility to perform various actions on collaborative spaces. However, the management of the spaces and of their members depends on the validation of the administrators of those spaces.

Note

Please consult the introduction to understand the objectives of this profile in the management of the Collaborative Spaces tree and Users.

On the page of a space, the “User-support” can consult the following tabs:
  • Home

  • Statistics

  • Member

The other tabs will be locked to him, unless he or she becomes a member of the space.

Creating Spaces at the “Root”

  • Via the quick access bar (top menu), click on “+” , then on space, then on the type of space you want (Organization, Group… )

  • Root space = 1st level in Organizations, Groups, Extranet, Public

  • The user who created a space automatically becomes the administrator of that space. Additional directors and other members must be added.

Note

The “user-support” profile is the only one that can create a space “at the root”.

For more information, please refer to the section “Creating a Collaborative Space”.

Pre-add members to Collaborative Spaces

Pre-adding members means that access to collaborative spaces will only be effective once the pre-adding has been validated by at least one of the space administrators. It is possible to pre-add members :

  • Through the “Burger” menu of a space (on the space page, from the space directory or from the search result).

  • In the “Burger” menu of the space, go to “see more”

  • Click on “pre-add a member/user list”

  • Fill in the fields according to the procedure in the “Add Members” section

  • A request will be sent to the space administrators to validate or deny the request to add users.

  • On the “Members” tab of the space, these users will be marked “pending”.

Manage the “Home” tab of a Collaborative Space

The “user-support” profile has the possibility to customize the home tab of a collaborative space. To edit the welcome of the space, go to the menu “Burger” of the space, then to “Edit the homepage”.

Contact Space Administrators

In order to properly assist users, in some cases it is necessary to ask space administrators to perform certain actions or to ask them to access the spaces to perform them yourself. For example, you could ask a space administrator to change the role of another member or simply share best practices. To contact the Space administrator :

  • Go to a Space page OR to the Space Directory page.

  • Click on the “Burger” menu, then on “Contact Administrators”.

  • A window opens to compose the message and validate the sending.

Note

This action is possible with the “User-support” or “Super-Administrator” profile. The difference is that only the “User-support” profile can see the entire Collaborative Spaces tree (via directories and search).

Restore a document

In the process of updating please refer to the section: “Manage Documents / Contents”.

Profile “Super-Administrator”

Automatic synchronization of GOFAST accounts with AD/LDAP

GoFAST offers a new feature that automatically synchronizes users from the Business Directory to your collaborative platform. Synchronization is done only with accounts that have authentication delegations enabled. Users that do not exist in GoFAST but are present in the Directory, at the time of synchronization, will be created and activated on the platform. In the case of deleting a synchronized user on the Directory page, the user will be “Blocked” on GoFAST. This mechanism makes it possible to retain the traceability of the actions of that user and to reassign that information to him under certain circumstances.

Note

Please note that accounts that do not have authentication delegations will be out of sync cycle. They will not be automatically blocked or unblocked from the platform.

Connection to LDAP / AD Server

To connect to your LDAP Server, you must connect to GoFAST as a Technical Administrator. Click on the Burger icon on the left of the main menu, then go to “Administration” and press “GoFAST Configuration”.

Once the page is displayed, in the left sidebar click on the “LDAP /AD Server” heading. Fill in the settings of your Server according to the recommendations given below :

Name: Choose a unique name for this server configuration.

LDAP server type: Four types are available, Active Directory, Open LDAP, Apple Open Directory, Novell. This field is informative. Its purpose is to help default values and give validation alerts.


LDAP port: The TCP/IP port on the above server that accepts LDAP connections. This must be an integer.

Use Start-TLS: This option secures communication between Drupal and the LDAP server using TLS (to use Start-TLS you need to set the LDAP port to 389).

Follow LDAP References: The LDAP client follows references (referrals in the LDAP server’s responses) to other LDAP servers. This requires that the specified connection parameters are also valid on these other servers.

Service Account: Some LDAP configurations prohibit or restrict anonymous search results. These LDAPs require a “DN/password” pair to bind. For security reasons, this pair must belong to an LDAP account with minimal (stripped-down) permissions. This is also required for the provisioning of Drupal accounts.

  • DN for non-anonymous searches.

  • Password for non-anonymous searches.

  • Base DNs for LDAP users, groups and other entries: Which DNs have appropriate entries for this configuration? ex: ou=campus accounts, dc=ad, dc=uiuc, dc=edu. Keep in mind that each additional base probably doubles the number of queries. Place the most used in the first position and use one high base DN instead of two low base DNs. Enter one DN per line if more than one is required.

Once all the information has been entered correctly, a “Connection Test” button is available at the end of the form, which allows you to test the connection between GoFAST and the LDAP server. An information message will be displayed to the right of the button indicating whether the connection was successful or unsuccessful. In case of failure, it is imperative to check the parameters and start the test again. If the test is successful, press the “Save” button to save this configuration.

Note

It’s possible to make changes or set up a new configuration, just remember to test the connection then save the changes only if successful.
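
What the “Use Start-TLS” option implies on the wire can be checked from the GoFAST host before saving the configuration: the client connects in clear on port 389, sends the LDAP StartTLS extended request, and negotiates TLS only after the server answers with result code 0. The following Python check is an added example, not GoFAST or Drupal code; the function names and the host name you pass to probe_starttls are assumptions of this example, and the response bytes in the comments are constructed.

```python
import socket
import ssl

# OID of the LDAP StartTLS extended operation (RFC 4511, section 4.14).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def build_starttls_request(message_id=1):
    """BER-encode an LDAPMessage carrying a StartTLS ExtendedRequest."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = bytes([0x77, len(name)]) + name                    # [APPLICATION 23]
    body = bytes([0x02, 0x01, message_id]) + op             # messageID + op
    return bytes([0x30, len(body)]) + body                  # SEQUENCE


def _read_tlv(buf, pos):
    """Decode one BER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, pos, pos + length


def parse_extended_response(data):
    """Return the LDAP resultCode of an ExtendedResponse (0 means success)."""
    try:
        tag, start, _ = _read_tlv(data, 0)        # LDAPMessage SEQUENCE
        if tag != 0x30:
            raise ValueError("not an LDAPMessage")
        tag, _, pos = _read_tlv(data, start)      # messageID INTEGER
        if tag != 0x02:
            raise ValueError("missing messageID")
        tag, start, _ = _read_tlv(data, pos)      # [APPLICATION 24]
        if tag != 0x78:
            raise ValueError("not an ExtendedResponse")
        tag, start, end = _read_tlv(data, start)  # resultCode ENUMERATED
        if tag != 0x0A:
            raise ValueError("missing resultCode")
        return int.from_bytes(data[start:end], "big")
    except IndexError:
        raise ValueError("truncated LDAP response") from None


def probe_starttls(host, port=389, timeout=5.0, cafile=None):
    """Upgrade a clear-text LDAP connection to TLS and validate the certificate.

    Raises ssl.SSLCertVerificationError when the server certificate does not
    chain to a trusted CA or does not match the host name.
    """
    context = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        raw.sendall(build_starttls_request())
        code = parse_extended_response(raw.recv(4096))
        if code != 0:
            return {"starttls": False, "result_code": code}
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return {"starttls": True, "result_code": 0,
                    "tls_version": tls.version()}
```

A non-zero result code means the server refused the upgrade; a certificate error means TLS was offered but the certificate is not trusted by the host running the check.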

Enabling SASL Delegated Authentication

Once the connection is established with the LDAP Server, go to the “SASL Authentication” section at the bottom of the settings form, and check the “Delegate Authentication to LDAP Server” box. Remember to register to start the delegation operation. This may take a few minutes depending on the number of users active on GoFAST. Enabling SASL Delegated Authentication allows users to connect to GoFAST using company credentials (Active Directory, OpenLDAP…).

Note

SASL authentication only works with users who are registered in the company directory. As an administrator, you can also enable/disable delegated authentication for a specific user directly from the account change form. Make sure the LDAP settings are appropriate for this feature to be enabled.

Configuring the synchronization

After activating the delegation, a new section “Directorium Synchronization” is visible at the bottom of the page, which is dedicated to the configuration of the synchronization of the platform accounts with the remote directory configured above. To configure the synchronization, first check the box “Synchronize GoFAST with the configured directory”. Then go to the subsection “Configuration” and choose the synchronization frequency.

Two other important subsections should be noted :

  • Field association (Required): You must at least fill in the fields “User name” and “Email address” with their respective attributes in the directory (Example: Username -> uid, Email address -> mail ). Other fields are optional.

Note

The unique user ID is usually associated with the samAccountName attribute for an Active Directory.

  • Filters (Optional): Here you can perform specific filters for your synchronization request. It is recommended to separate each filter list with line returns.

Once the synchronization setup is complete, click on the “Save” button to perform the operation.

If, however, you want to synchronize before the next set date, just click on the “Synchronization” button.

Single Sign-On (SSO)

Protocol used by the application

GoFAST uses Security Assertion Markup Language Version 2.0 (SAML 2.0). This standard is based on data structuring in XML format.

Its operation involves an Identity Provider or IdP that corresponds to the application that provides the identification of a person, as well as a Service Provider or SP that corresponds to the application on which you wish to identify. In our case, GoFAST is the Service Provider (SP).

Identity Provider Configuration

The identity provider settings tell GoFAST how and where to request verification of an identity. This configuration also makes it possible to secure the exchange by means of certificate(s).

The parameters to be completed are:
  • Name: The name of the identity provider. This name will be displayed to users on the login form.

  • Entity ID: The ‘entityID’ field that identifies the identity provider. This is usually a URL.

  • App name: The name of the application passed to the identity provider to identify the origin of the request.

  • IDP login URL: The IDP login URL.

  • IDP logout URL: The IDP logout URL.

A certificate must be provided by the identity provider. This certificate will be used to identify with certainty the correct identity provider.

Configuring the service provider

Setting the service provider allows the application to transmit the right information to the identity provider in the right format and with the right level of security.

It is possible to define technical contacts and support to be passed on to our identity provider :

Information on the organisation of the service provider may also be provided to the identity provider

And finally, we access the security settings that will allow us to adapt to our identity provider and be able to communicate with them. The available parameters are :

Attention: The following 3 parameters require GoFAST to know the private key that will decrypt the information on the IdP side. Check with support.

  • Encrypted ‘NameID’ field: Encrypts, in a particular format, the identity information that is transmitted between applications

  • Signed ‘Authn’ requests: Asks the SP (GoFAST) to sign its requests to the IdP

  • Encrypted disconnection requests: Encrypts connection requests to the IdP

  • Encrypted disconnection responses: Encrypts disconnection requests to the IdP

  • Signed messages required: Allows you to ask the IdP to sign its messages

  • Signed Assertions Required: Allows you to ask the IdP to sign its authentication validations

  • Encrypted ‘NameID’ field: Allows you to ask the IdP to encrypt the NameID field in the query return

  • Metadata Signature: Applies our signature and asks the IdP to apply its signature on the metadata

Once the configuration is complete, a metadata tab will be generated containing the metadata to enter into the IdP to register the SP (GoFAST) application as valid.

On the login page, the user will now be able to log in by clicking on the “Log in with XXX” button.
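
Before the generated metadata is handed to the IdP, it can be checked that it actually advertises the security settings chosen above. The following Python script is an added example, not GoFAST code: it reads the standard SAML 2.0 metadata attributes AuthnRequestsSigned and WantAssertionsSigned and the published certificates; the entityID, URL and certificate body in the sample are constructed placeholders, and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed SP metadata: entityID, Location and certificate are placeholders.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://gofast.example.test/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://gofast.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def _is_true(value):
    """xs:boolean accepts 'true' and '1'."""
    return (value or "").strip().lower() in ("true", "1")


def inspect_sp_metadata(xml_text):
    """Summarise the security-relevant declarations of SP metadata.

    Parse only metadata exported from your own platform with this function.
    """
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    key_uses = set()
    for descriptor in sp.findall("md:KeyDescriptor", NS):
        if descriptor.find(".//ds:X509Certificate", NS) is None:
            continue
        use = descriptor.get("use")
        # A KeyDescriptor without 'use' serves both signing and encryption.
        key_uses.update([use] if use else ["signing", "encryption"])
    acs = [e.get("Location", "")
           for e in sp.findall("md:AssertionConsumerService", NS)]
    return {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": _is_true(sp.get("AuthnRequestsSigned")),
        "want_assertions_signed": _is_true(sp.get("WantAssertionsSigned")),
        "metadata_signed": root.find("ds:Signature", NS) is not None,
        "has_signing_cert": "signing" in key_uses,
        "has_encryption_cert": "encryption" in key_uses,
        "acs_over_https": bool(acs)
        and all(u.lower().startswith("https://") for u in acs),
    }


def review_sp_metadata(summary):
    """List the protections that the metadata does not advertise."""
    findings = []
    if not summary["want_assertions_signed"]:
        findings.append("signed assertions are not required")
    if not summary["authn_requests_signed"]:
        findings.append("AuthnRequests are not signed")
    elif not summary["has_signing_cert"]:
        findings.append("signed requests declared without a signing certificate")
    if not summary["has_encryption_cert"]:
        findings.append("no encryption certificate: the IdP cannot encrypt NameID")
    if not summary["metadata_signed"]:
        findings.append("metadata is not signed")
    if not summary["acs_over_https"]:
        findings.append("assertion consumer service is not served over HTTPS")
    return findings


if __name__ == "__main__":
    for finding in review_sp_metadata(inspect_sp_metadata(SAMPLE_METADATA)):
        print(finding)
```
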