Integration Broker and Single Sign On


Our first goal is to go from a vanilla installation of PeopleSoft IH to one which allows a multitude of users with different roles to access different PeopleSoft content.

As I mentioned in the previous article, it is important to become familiar with the Setting up PeopleSoft Interaction Hub with PeopleSoft Applications red paper.

Basically this document describes the steps needed to configure Integration Broker (IB) and Single Sign On (SSO).  I would suggest meticulously following this article, with the assistance of your PS Admin.  A lot of things can go awry in these early steps (we came across a lot of issues with typos in the Node URIs).

When these steps are complete you should be able to do the following:

TESTING SSO (troubleshooting steps are below)

a) Create user TESTPORTAL in IH and one of your remote content providers, say HR.
b) Assign the 3 delivered roles to TESTPORTAL in both environments:

  • PAPP_USER
  • EOPP_USER
  • PeopleSoft User
Via Main Menu -> PeopleTools -> Security -> User Profiles -> Add New Value: TESTPORTAL


minimum settings General Tab

minimum settings ID Tab

minimum settings Roles tab


these 3 roles have the minimum permission lists needed to see content when connecting to two servers.

c) Login to HR as TESTPORTAL and copy the URL for Main Menu -> My System Profile
d) Log out of HR and Login to IH as TESTPORTAL and Pate the URL you copied into the address bar.  If the URL opens, without asking you to Sign In again, we confirm that SSO is working, and we are off to the races!



 TESTING IB NODE CONFIG (troubleshooting steps are below)

Once SSO has been confirmed as working, we need to test that we setup our Nodes Correctly.  It is important to understand the naming conventions of your Nodes.  

Building off the example above, with the same account created above.

a) Login to IH as TESTPORTAL
b) Navigate to Main Menu -> My System Profile

Let's take a closer look at the URL on your IH server:

yours should look similar to this:

https://ENVIRONMENT/psp/SITENAME/EMPLOYEE/EMPL/c/MAINTAIN_SECURITY.USERMAINT_SELF.GBL?CONTENT_PARAMETERS

Take note of EMPL ~ this should be the Employee Portal Host name for the Interaction Hub Environment.

c) To test the default Local Node, change EMPL to PSFT_PA: the page should load exactly the same as it did before.  Testing the default local node, will ensure Integration Broker is setup correctly: We'll get into why this is important later.
d) To test the HR Employee Portal Host name, change PSFT_PA to HRMS: the page should load exactly the same as it did before, with one important caveat: we are not viewing My System Profile on the HR server.

Let's say the user TESTPORTAL doesn't want Email User Selected for their Workflow Attributes

e) Uncheck Workflow Attributes: Email User on your HR environment My System Profile and Save.
f) You should now be able to tell the difference when you toggle between HRMS and EMPL,

SUMMARY
After configuring ~ SSO and IB Nodes, in our Hypothetical Environment the Portal Administrator should be aware of the following Node configurations:

Node Type IH HR
Employee Portal Host Name EMPL HRMS
Default Local Node PSFT_PA PSFT_HR

It is important to know the names of these going forward.  We will examine the structure of the Peoplesoft URL in more detail, as it gives us a lot of information that is very useful.

TROUBLESHOOTING
Again there are a lot of things that can go wrong when you are configuring SSO and Nodes on IH and your Remote Content Providers.  Here is a list that I use to troubleshoot any issues.

a) Confirm the User Account Exists on all Required PeopleSoft Servers:

  • The username on the account must be identical on the two servers
  • Ensure it's not locked out
  • Ensure it has the 3 core Security Roles: PAPP_USER, EOPP_USER, PeopleSoft User: your Security Admin will likely want to make a customized Role that has a Combination of these 3 roles within it.
b) Ensure your Integration Broker Nodes are correctly configured

  • Carefully check the addresses of your default Local and Employee Portal Host Name nodes.  Via Main Menu -> People Tools -> Integration Broker -> Integration Setup -> Nodes: Select the one in question, and via the Portal tab, ensure the URL is correct.  (even note the trailing slash here).
  • There are likely Default User ID / Node Password permissions issues (in the Node Definitions Tab)  that can occur: ensure whoever is configuring these (ie your PS ADMIN) has a strategy for setting these properly. (Especially if accounts like VP1 / PS will be disabled).




Tools of the Trade (with examples)


It is important to know what configurable tools are available in the PeopleSoft IH arsenal before we dive into the technical configurations.  

One of my favourite quotes is from Antoine de Saint-Exupery and it goes as such:  

If you want to build a ship, don't drum up people to collect wood and don't assign them tasks and work, but rather teach them to long for the endless immensity of the sea.

So let's begin!


I will use three key examples from our environment to demonstrate how we configured the system to suit our needs.



Guest View Public Access ~ we do not know who you are at this point.



Key attributes:

Branding template modified
  • No Main Menu
  • Larger Header
Two Pagelets
  • Login Pagelet: signs you into IH
  • News Alert Pagelet: able to be modified by communications team / service desk
Footer
  • Display other important company / support info.


Authenticated Student View ~ Authenticated Access ~ we know you are an active undergraduate student



Key attributes:

Branding Template Modified 
  • Addition of Main Menu
  • Addition of Home | Signout Links
  • Smaller header to preserve critical screen real-estate
3 Tabs:
  • Show tabs based on Role
  • Universal Home Tab that All users see
  • Student Center: Tab that links directly to a component
  • Student Guide: Tab that links to a dashboard
5 Pagelets:
  • Universal News Pagelet: seen by all users to convey important institution wide messages
  • Important Links Pagelet: Navigation collection, that displays important content references based on who you are
  • Ask McMaster: Free Text Pagelet that takes in Form data to post to an external website
  • Welcome: Free Text Pagelet that displays an image
  • My Learning Links Navigation Collection that displays if you are a certain type of student.


Authenticated Staff View (Home Tab of a staff member who is authenticated):


Key attributes:

Branding Template Modified ~
  • Addition of Main Menu
  • Addition of Home | Signout Links
  • Smaller header to preserve critical screen real-estate
5 Tabs
  • Show tabs based on Role
  • Universal Home Tab that All users see
  • Documentation, My Profile, My Work, Support tabs that deliver links to important business functionality.
4 Pagelets
  • Universal News Pagelet: seen by all users to convey important institution wide messages
  • Important Links Pagelet: Navigation collection, that displays important content references based on who you are.  Content References such as View Paycheck takes you to the Human Resources PeopleSoft Server, and Chartfield Mappings takes you to PeopleSoft Financials.
  • McMaster Daily News: RSS Feed Reader:
  • Calendar of Events:  important messages for staff


Authenticated Staff View (My Profile Tab of a staff member who is authenticated):



Key attributes:

WorkCenter Dashboard

Contains 2 Pagelets
  • My Profile Quicklinks: Navigation Collection that remains on the left as you browse through certain functionality.  Content references (such as View Pay Statement) will change based on your permission to them in the system.
  • About My Profile: the Dashboard component: more like a home page within a home page. Can be used to display pagelets to convey news and other information.

Getting There:

To get here we had to sit down with a number of stakeholders across all systems in our environment and get these two questions answered thoroughly:

1) who will be using this software
  • brainstorm all different users across the system
  • group them into logical categories
  • determine if each group will also be members of other groups (IE an employee who is also a student)

2) what will each group of users need to access
  • list important self-service functionality
  • determine importance of communication within your organization

Taking all of this information and organizing it, is paramount to the success of the launch of this software.  We used these two rules for guidance:
  • Less is more: if the system becomes too cluttered with links, the usability of the system shoots down.  Also, showing users information not important to them is an issue.
  • Configuration not customization: we will strive to use all tools available to us, and not go too far in developing our own. This will reduce the cost of development, encourage stability and simplify our maintenance process during future PeopleSoft software releases.

Looking at our user landscape, the most important discovery we made is the fact that we have a lot of cross-appointed users.  This fact alone drove the creation of a common Home Tab that all users see.  The home tab employs tools that will change based on who you are.  Navigation Collections and News Publications are key to this ~ they will change based on role, and will display even more information if you have 2 or more roles.  Ensuring the News and Important Links Pagelets are locked to the Top Left (no matter who you are) ensures a common user experience across the whole system, and that critical business information remains visible.

A good understanding of how these tools work is required.  Some components, such as the Calendar are "All or Nothing".  IE you can't customize it based on who is seeing it, you can either show it to one group, or not at all.  All or Nothing components don't work well in a dynamic environment.

This system uses roles to determine which group of user you are.  If we are to adhere to our "less is more" rule, we should understand if the Group of Users is "EVERYONE", then we should ensure tailored to that group, and that the content be limited in scope.  If we have a more specific group such as "Expense Report Approvers" we can feel more comfortable that the content we are creating will be relevant to those who need it, and will be invisible to everyone else.

Now that we have the functional foundation laid out, let's proceed with the technical foundation.  It's time to start collecting wood.



Let's get started!







This blog highlights our journey to PeopleSoft IH adoption to help improve the User Experience of our ERP implementation.

At a very high level, we needed to accomplish the following four tasks in the next 2 years:



  1. Link to all remote content providers. (In our case FM/HRMS/Campus Solutions/EPM/Bolt On)
  2. Create branding profiles for different types of users (guests versus authenticated)
  3. Create shortcuts to critical business functionality
  4. Communicate important information to our diverse and vast collection of users



After being given the keys to the castle (the VP1 account) I mentally created a list of items I had to catch up on to fulfill our end goals:

a) Understand how security in this system works (Roles Versus Permission Lists, )
b) Become familiar with the various tools in the PeopleTools arsenal: (Navigation Collections, Pagelets, Dashboards, WorkCenters, Homepages, Tiles with Dynamic Content, Application Start Pages and the Nav Bar)

Helpful Reading Materials:

As a good primer, these documents are a good place to get started.