Differences

This shows you the differences between two versions of the page.

--- jisc:govroam_cat_documentation_for_organisational_administrators [2018/05/16 11:13] – admin
+++ jisc:govroam_cat_documentation_for_organisational_administrators [2024/12/13 13:43] (current) – ↷ Links adapted because of a move operation 166.108.192.94
@@ Line 1: / Line 1: @@
-[[https://wiki.govroam.uk/doku.php?id=jisc:govroam_cat_documentation_for_organisational_administrators&do=export_pdf|Export]]
+[[https://wiki.govroam.uk/doku.php?id=jisc:govroam_cat_documentation_for_organisational_administrators&do=export_pdf&orientation=portait|Export as PDF]]
-=====Govroam CAT: purpose and scope=====
+======The Govroam CAT is now deprecated.======
+=====Govroam CAT Signup=====
+====Background====
+The CAT (Configuration Assistant Tool) allows end users to install a configuration on their devices which will allow to them easily connect to Govroam. These are primarily intended to help BYOD (Bring Your Own Device) users, as opposed to corporately managed devices.
+====Structure====
+Each organisation (e.g. Holby Trust) will have an entry (an Identity Provider) in the CAT which can be managed by one or more members of that organisation, normally the person, or people, who manage the RADIUS proxy system.
+These administrators can add, or remove, other administrators of their Identity Provider.
+Within each Identity Provider there can be multiple profiles, with independent configuration, which allows for different realms, authentication types, support details and other aspects.
 ====Sign-Up====
-A document which describes the initial sign up steps: {{ :jisc:cat_signup.pdf | CAT Sign up}}
+**Initially each site should request a token for an administrator.** That token will be sent to the supplied email address and will be valid for **24** hours. After that time another token would have to be requested.
+{{:jisc:pasted:20180702-152415.png?500}}
+On receipt of the token the recipient would click a link which takes them to the Login page.
+This Login page gives a number of options for Identity Providers (these are not the same Identity Provides as referred to above) but currently the only option is Google.
+The administrator will need to log in. At this point the ID provided by the Login system, e.g. Google, will be permanently associated with the CAT. This means that in future the administrator will have to use the same Login system each time to gain access to the CAT.
+Once logged in the administrator will have access to their CAT Identity Provider and be able to start the process of populating the appropriate values and creating a new Profile.
+====Summary====
+  - The technical contact for your site should email govroam@jisc.ac.uk asking for a CAT token.
+  - On receipt of the email from Jisc the technical contact should click on the link (within 24 hours).
+  - Pick an IdP to use for now and in the future (e.g. Google).
+  - Log in with your Google credentials (creating a new account if necessary).
+  - Create a new CAT IdP for your site.
+=====Govroam CAT: purpose and scope=====
 ====Introduction====
 Govroam CAT is the Govroam Configuration Assistant Tool. Its purpose is to support you, an Govroam Identity Provider administrator, by allowing you to generate customised Govroam installers for various platforms. The customisation includes your IdP's name, location and logo, contact details for your helpdesk, and of course the RADIUS settings which users need to uniquely identify your IdP when roaming. The installers can be produced in many languages; that way, you can even offer your users an installer in their native language! Further to that, Govroam CAT can also assist you in debugging your own RADIUS setup by comparing your inputs to the actual behaviour of your setup in the Govroam infrastructure.
@@ Line 42: / Line 68: @@
 ====Step 2: How to log into Govroam CAT?====
-When clicking on the Administration interface link, you will be automatically sent to the Govroam Support Services' federated login service. This login service does not work with site-specific usernames and passwords; instead you are presented with a list of sources of identity. Choose any organisation that you have an account with:
+When clicking on the Administration interface link, you will be automatically sent to the Govroam Support Services' federated login service. This login service does not work with site-specific usernames and passwords; instead you are presented with a list of sources of identity, currently just Google.
-  * Social Networks: You can log in using the federated login function of several popular social networks, including, but not limited to, Google and Facebook.
-  * UK Access Federation: many universities across Europe have already joined the educational Global Authorisation INfrastructure - if your organisation is among them, click on that organisation and authenticate with your home organisation's usual web login credentials.
-Some users have noted that none of the above options suits them: e.g. their organisation is not participating in eduGAIN, and they have an aversion against using social networks. We understand that if a user finds all the numerous authentication options unacceptable, then he will have a hard time logging in. It might be worth considering creating a social network account just for the purpose of logging in here; even if the service portfolio offered by e.g. Google is not interesting for the user, their authentication service in itself is useful on its own. Alternatively, under the 'UK Access Federation' tab you can search for 'UnitedID'. https://unitedid.org/ provides free, secure accounts. This is a sort of 'home for the homeless' if the above options aren't suitable.
-Whichever IdP you use to sign in is the one you need to keep using. Swapping to using another (say if you've got both Google and Facebook accounts) won't work as the CAT will be tied to the identity provided by the IdP you initially used. If you want to swap to using another IdP then send yourself an invite to manage your Organisation and then sign in with the new IdP. You can either keep the other account as an administrator or delete it.
 =====Configuring my organisation's properties=====
 ====Overview====
@@ Line 131: / Line 151: @@
 **Note 2 - CA requirements**
-Various client device operating systems have specific requirements about which CA certificates and server certificates they accept. For more information, please see [[EAP Server Certificate]] considerations.
+Various client device operating systems have specific requirements about which CA certificates and server certificates they accept. For more information, please see [[public:eap_server_certificate]] considerations.
 **Note 3 - CA rollover support**