SSO Migration to New Entity IDs

We are making important changes to our Single Sign-On (SSO) configuration. This migration involves updating the entity IDs you currently use to access our platform. Please review the information below to ensure a smooth transition.

Why Are We Making This Change?

The migration to new SSO entity IDs is part of our ongoing efforts to improve the security and performance of our systems. The new Entity IDs are designed to offer better reliability and efficiency. Updating your configurations to use these new entity IDs will help ensure a safer and more robust authentication process.

Transition Period

The old SSO entity IDs will remain active until December 31, 2024. During this period, please update your configurations to use the new entity IDs to avoid any disruptions in service, and keep the old entity IDs listed as well.

What You Need to Do

Most likely you have one of our old Entity IDs (one ending in “/shibboleth”) listed in your IDP configuration. Keep that there for now (until December 31, 2024), but add in our new Entity ID also. The same attributes should be released to the new Entity ID that are being released to our old Entity ID.

You only need to list one new Entity ID – the one corresponding to your region – not all 4 new entity IDs. For example, if you have https://sso-usa.sona-systems.com/shibboleth listed currently, then add in https://usa.sso.sona-systems.com also.

Once you add in the new Entity ID, please let us know and we’ll adjust your Sona site to make use of the new entity ID

Current Entity IDs (Valid Until December 31, 2024)

Location Old Entity ID
North America and South America https://sso-usa.sona-systems.com/shibboleth
Europe, Middle East, and Africa https://sso-europe.sona-systems.com/shibboleth

New Entity IDs

Location New Entity ID
North America and South America https://usa.sso.sona-systems.com
Canada https://canada.sso.sona-systems.com
Europe, Middle East, and Africa https://europe.sso.sona-systems.com
Asia/Pacific https://asia.sso.sona-systems.com

Required Attributes

To ensure seamless integration, please configure your systems to provide the following attributes as part of the Research & Scholarship (REFEDS) bundle. Most likely, this is already configured for our old Entity ID, so you just need to ensure the same configuration for our new Entity ID.

  • eduPersonPrincipalName (urn:mace:dir:attribute-def:eduPersonPrincipalName, urn:oid:1.3.6.1.4.1.5923.1.1.1.6 )
  • mail (urn:mace:dir:attribute-def:mail, urn:oid:0.9.2342.19200300.100.1.3)
  • givenName (urn:mace:dir:attribute-def:givenName, urn:oid:2.5.4.42)
  • sn (urn:mace:dir:attribute-def:sn, urn:oid:2.5.4.4)

For more detailed information on SSO integration, please visit our SSO Integration page.