Setting up the DMPTool

Maria Praetzellis edited this page Mar 10, 2023 · 27 revisions

Index

Watch a video tutorial about setting up your new DMPTool account

Enabling Shibboleth

Granting administrator privileges

Customizing your institutional profile

Providing feedback on plans


Enabling Shibboleth (institutional single sign-on)

SSO

Participating institutions can enable SSO authentication for their users. Please note: it is NOT required to enable SSO for participation with the DMPTool. The setup involves coordination between your institution's Identity and Access Management team and the DMPTool's administrators. Please refer to the sections below for details on your specific configuration.

We currently only support integrations with institutions that are members of the InCommon Federation or eduGAIN.

The DMPTool requires that the following SAML attributes are released:

  • eduPersonPrincipalName (required): also known as eppn, the user's unique identifier. The value should be universally unique; the most common value is the email.
  • mail (required): the user's email address
  • displayName: the user's first and last name

Once your institution's Identity Provider is configured correctly, a DMPTool administrator can enable your institution to use SSO within the DMPTool. Once enabled, your users will select your institution from the DMPTool login screen and then be redirected to your institution's login page to authenticate.

Users who are already using the DMPTool will retain their accounts once SSO has been enabled:

  • If the mail your system provides matches the email address your user used to create their account, their existing account will be auto-linked to their eppn and they will log in automatically.
  • If the email address does not match, they will be brought to an interim 'Finish creating your account' screen that will allow them to log in via their email address and old password. Once they log in via their password, their account will be linked. All future logins for the user can then be done via SSO.

My institution is a member of the InCommon Federation or eduGAIN

Send us your identity provider's entityID so that we can enable SSO for your users.

My institution is a member of the Research & Scholarship (R&S) category

The Research and Scholarship Entity Category (R&S) is a simple way for Identity Providers to release minimal required attributes to Service Providers serving the Research and Scholarship Community. Being a member automatically guarantees that your identity provider releases the correct attributes to the DMPTool.

My institution is NOT a member of R&S

If your institution is a member of the InCommon Federation but NOT within the Research & Scholarship category, your institution's identity provider may need to be configured to release the attributes mentioned above for the DMPTool. Your Identity and Access Management team can use the following information to make the necessary changes:

Attribute Release Policies

DMPTool Service Provider Metadata

Once that's complete you can send us your identity provider's entityID so that we can enable SSO for your users.

Testing

Once your institution's identity provider has been configured and SSO has been enabled for your institution within the DMPTool, you can visit our SSO Test Page to test the SSO handshake. Select your institution from the dropdown list and click the "Continue" button. This should bring you to your institution's login page if things were properly configured within the DMPTool. Once you log in, you will be redirected back to a validation page that will display the attributes mentioned above. If all has been properly configured within your identity provider, a Success message will be displayed.
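For Identity and Access Management teams who want to confirm attribute release on their side before using the test page, the following is an added example (not DMPTool code): it reads a captured SAML AttributeStatement and reports whether eppn, mail and displayName carry non-blank values. The urn:oid names are the standard SAML 2.0 names for these attributes, and the sample statement and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Standard urn:oid names for the three attributes; True marks the required ones.
ATTRIBUTES = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ("eduPersonPrincipalName", True),
    "urn:oid:0.9.2342.19200300.100.1.3": ("mail", True),
    "urn:oid:2.16.840.1.113730.3.1.241": ("displayName", False),
}

# Constructed sample: eppn and displayName are released, mail arrives blank.
SAMPLE_STATEMENT = f"""\
<saml:AttributeStatement xmlns:saml="{NS}">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
    <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
    <saml:AttributeValue>   </saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241">
    <saml:AttributeValue>Jane Doe</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def released_attributes(statement_xml):
    """Return {friendly name: [non-blank values]} for the attributes above."""
    # Diagnostic only: parse an assertion you captured yourself; no signature check.
    root = ET.fromstring(statement_xml)
    found = {}
    for attr in root.iter(f"{{{NS}}}Attribute"):
        known = ATTRIBUTES.get(attr.get("Name"))
        if known is None:
            continue
        values = [v.text.strip() for v in attr.iter(f"{{{NS}}}AttributeValue")
                  if v.text and v.text.strip()]
        found.setdefault(known[0], []).extend(values)
    return found


def check_release(statement_xml):
    """Report which required and optional attributes are absent or blank."""
    found = released_attributes(statement_xml)
    missing = {req: sorted(name for name, r in ATTRIBUTES.values()
                           if r is req and not found.get(name))
               for req in (True, False)}
    return {"ok": not missing[True], "missing_required": missing[True],
            "missing_optional": missing[False]}


if __name__ == "__main__":
    print(check_release(SAMPLE_STATEMENT))
```

A blank value is treated the same as a missing attribute, which matches the blank eppn or email case described under troubleshooting.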

Troubleshooting SSO

I was able to successfully log in to my SSO but I receive a 500 error from the DMPTool.

This indicates that there was a communication issue between your institution's login page and the DMPTool. The most common cause is that your institution's SSO did not send the DMPTool a unique identifier (aka an eppn) or did not provide your email. The DMPTool requires these 2 attributes in order to correctly identify your account.

Please visit our SSO Test Page, select your institution from the list (InCommon and eduGAIN institutions only), log in to your institution's SSO page, and then send us a screenshot of the page you are redirected to. It should include an eppn and an email address. Then contact us and provide the screenshot to help us diagnose the problem.

If the SSO Test Page shows a blank eppn or email address, you will need to contact your internal IT team that manages your SSO. They will need to update the system to release that information to the DMPTool.

I clicked on the button to sign in with my institutional credentials and received an 'opensaml::FatalProfileException' error

This message was received from your institution's SSO, which did not recognize the DMPTool as a trusted service provider. You will need to contact your IT department that supports your SSO to have them add the DMPTool as a trusted service. Include a link to this page when you contact them.

I clicked on the button to sign in with my institutional credentials and received an 'Unknown or unusable identity provider' error

We use an 'entityID' to determine the URL of your SSO system. You will receive this message if we have the wrong entityID for your institution. You can find your institution's entityID from the InCommon or eduGAIN directories.


Granting administrator privileges

Select "Users" from the Admin features dropdown menu. You will see a list of all users affiliated with your institution/organization. Click the "Edit" link in the "Edit privileges" column and check the appropriate boxes.

Screenshot of user privileges window

You will see a list of 6 privileges that you can grant individually, or you can check the top-level box to grant all privileges at once. Uncheck the boxes and click Save to remove privileges.

  • Manage user privileges: assign privileges to others in your organization; you can only assign the privileges you have yourself
  • Manage templates: create new organizational templates, edit existing ones, and customize funder templates
  • Manage guidance: create and edit guidance
  • Manage organization details: edit organizational details (name, URL, contact email, logo)
  • Use API: provides you with an API token and grants rights to harvest info from the tool

Customizing your institutional profile

Select "Organization details" from the Admin features dropdown menu. Add/edit information to display to your affiliated users in the organizational branding banner. If you upload a logo it will replace the DMPTool logo.

A contact email address is required if you wish to enable the "Request feedback" functionality. This will be used to alert you to requests from users at your institution/organization.

Screenshot of organization details page


Providing feedback on plans

The "Organization details" page contains a second tab: "Request feedback." This is where you can enable the functionality for users at your organization to request feedback on their plans. If enabled, users will see a button to "Request feedback" on the Share tab while writing their plan. When they click the button they will receive an automated email notification (provided by an administrator in the Subject and Message fields below). We suggest that you include details about who will respond to the request and on what timeline. Also note that the sample message below contains special values for the user name %{user_name} and plan name %{plan_name}. If you include these in the message they will automatically populate with the appropriate user name and plan name for each request.

Screenshot of Organization's request feedback window

The administrator contact email will also receive an email notification that a plan has been submitted for feedback. Submitted plans will appear in a Notifications panel on the "Plans" page. From here administrators can click to open the plan in read-only mode and provide comments in the right-hand panel beside each question. When finished commenting, return to the Plans page and click the link to "Complete" your feedback. This will trigger another email notification to the plan owner that you are finished providing feedback on their plan.

Screenshot of Administrator's Plans page with a feedback request