InCommon/eduGAIN Single Sign-On (SSO) for Campus-Wide Licenses

Overview

For Campus-Wide Licenses, MathWorks offers SAML-based Single Sign-On (SSO) for Identity Provider participants of eduGAIN or InCommon federations. SSO allows eligible users with university credentials to access MathWorks products and services available to Campus-Wide.

  • Security – A single set of login credentials improves enterprise security.
  • User Experience – Users do not need to remember multiple passwords to access MathWorks products and services.
  • Compliance – Required attribute assertion allows the Identity Provider (University/Organization) to provide access only to eligible users as defined in the MathWorks Program Offering Guide.

SSO User Workflow

When SSO is enabled for a Campus-Wide License, users must use an email address with a matching domain. The use of an email address with a matching domain initiates SSO when signing in to any MathWorks product or service. After entering an email address, the user is prompted to enter their university credentials.

For eligible users as defined in the MathWorks Program Offering guide who are not granted a university email address must be added (and removed) in MathWorks License Center by the License Administrator.

Configuration

MathWorks leverages attributes included in the SAML assertion defined as part of the eduGAIN and InCommon federations. The release of the following attributes is required:

  • eduPersonPrincipalName or eduPersonTargetedId
  • eduPersonScopedAffiliation
  • mail

Info

MathWorks requires these attributes to be submitted without restriction as a condition of implementing SSO. Any restrictions, or filter policies, placed upon these attributes will negatively impact a user's ability to interact with other MathWorks services that require sign in.

To enable SSO, please contact Support.