Single sign-on solution - Under development
Notice: This solution is currently under development. Contact support@place2book.com for further information.
For larger organisations with an active SSO solution, Place2Book provides single sign-on integration, making it easy and convenient to manage users and event makers.
Requirements
To get started with Place2Book SSO, you must currently be running a supported SSO solution and have a SAML::Provider account.
A SAML::Provider account can be obtained by contacting support@place2book.com.
Place2Book currently supports two SSO solutions: SAML2 and Fælleskommunal Adgangsstyring.
Onboarding SSO
Agreement on New Connection
Place2Book and a municipal partner unit (Library, Cultural Center, Citizen Service, or similar) enter into an agreement for either an SSO integration or a complete package.
The municipal customer that has entered into the agreement or requested an SSO integration must then contact and notify their IT department and open an internal case. This ensures that the IT department responsible for the Support Systems / Service Platform can allocate time to configure the setup on their side.
Creation of Service Agreement
Place2Book will then send a request for a service agreement to Organization 5 and Organization 6, without the Se-CPR role, and with reference to any case number or contact person.
The service agreement must be approved by the IT department or a person responsible for service agreements. (A case number is highly recommended, as it makes it easier for the approver to look up and locate the case internally.)
The sole purpose of this service agreement is to retrieve the employee’s name and email address so that a user can be created in Place2Book for the relevant employee.
Place2Book User System Roles
Place2Book defines four user system roles:
- Manage
- Manage (without bank account)
- Ticket Agent
- Ticket Scanner
The Manage and Manage without bank account roles are considered the same base role and will never be assigned to the same person.
The Ticket Agent and Ticket Scanner roles are independent roles that provide access to:
- Isolated cash ticket sales
- Ticket scanning via the mobile app
SAML Administrator (Meta Administrative Role)
Place2Book also defines a meta-administrative user system role called SAML Administrator.
The purpose of this role is to give IT departments access to Place2Book, providing:
- An overview of connected municipal (or cross-municipal) organizer accounts
- Access to values used in role data constraints
The SAML Administrator role also allows:
- Creation of new municipal organizer accounts
- Retrieval of organizer data constraints
Important: New municipal organizer accounts must be created via the SAML Administrator role. Otherwise, access roles on the user account will be removed at the next ContextHandler login, since the employee’s job function role will not recognize the new organizer account.
Role Descriptions
Manage
The Manage role is the standard administrator role, typically assigned to users with full access.
Users with this role can:
- Create events
- Find sales links
- Change prices
- Create gift card types
- Define bank accounts
- And much more
Manage (Without Bank Account)
This is a reduced administrator role, intended for users who need almost full access.
Users with this role can:
- Create events
- Find sales links
- Change prices
- Create gift card types
However, they cannot manage bank accounts for payouts from Place2Book. This role is suitable for employees who need broad access but should not be able to modify payout or bank account information.
Ticket Agent
The Ticket Agent role allows users to sell tickets as cash sales.
This means:
- Place2Book registers the ticket in the system
- Generates a PDF ticket
- Sends it by email
No payment handling is performed by Place2Book.
Ticket Scanner
The Ticket Scanner role allows users to scan tickets using the Place2Book mobile app, for example at event entrances.
It also provides access to scanning statistics for scanned tickets.
Data Constraints
Organizer UUID
Entity ID:
http://place2book.com/constraints/event_maker/2
The organizer-facing roles described above are characterized by granting one role per organizer.
This is expressed through a data constraint called Organizer UUID.
- UUIDs are issued by Place2Book or can be found on the SAML Administrator page
- They follow standard UUID format
- One or multiple UUIDs can be assigned per role
- Multiple UUIDs may be comma-separated within the same constraint
This can simplify configuration by consolidating multiple role connections into a single setup.
Example
Korsbæk Municipality has two libraries in different cities within the same municipality.
- Library A has a shared job function role / AD group mapped to the Place2Book Manage role with data constraint uuid_a
- Library B has a shared job function role / AD group mapped to the Place2Book Manage role with data constraint uuid_b
- Library Administration has a job function role / AD group mapped to the Manage role with data constraint uuid_a,uuid_b
This setup simplifies administration and avoids the need for multiple separate job function role mappings.
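An IT department can check its role mappings before configuring them by expanding each comma-separated Organizer UUID constraint into per-organizer grants. The sketch below is an added example, not Place2Book code: the function names and sample UUIDs are hypothetical, and rejecting malformed entries outright is this example's choice, not documented Place2Book behaviour.

```python
import uuid

# The two variants of the same base role, as named on the page.
BASE_ROLES = {"Manage", "Manage (without bank account)"}

# Constructed sample organizer UUIDs (not real Place2Book values).
UUID_A = "11111111-1111-4111-8111-111111111111"  # Library A
UUID_B = "22222222-2222-4222-8222-222222222222"  # Library B


def parse_organizer_constraint(value):
    """Split a comma-separated Organizer UUID constraint into canonical UUIDs.

    Raises ValueError on an empty or malformed entry, so a typo is caught
    at configuration time instead of silently granting nothing.
    """
    organizers = set()
    for part in value.split(","):
        part = part.strip()
        if not part:
            raise ValueError(f"empty entry in constraint {value!r}")
        organizers.add(str(uuid.UUID(part)))  # ValueError if not a UUID
    return organizers


def effective_grants(mappings):
    """Expand one person's (role, constraint) mappings to {organizer: roles}.

    The page states that the two Manage variants are never assigned to the
    same person; this example treats such a mapping as a configuration error.
    """
    grants = {}
    for role, value in mappings:
        for org in parse_organizer_constraint(value):
            grants.setdefault(org, set()).add(role)
    held = set().union(*grants.values()) if grants else set()
    if BASE_ROLES <= held:
        raise ValueError("both Manage variants mapped to one person")
    return grants


def is_covered(grants, organizer_uuid):
    """True if some mapped role's constraint lists this organizer."""
    return str(uuid.UUID(organizer_uuid)) in grants


if __name__ == "__main__":
    # Library Administration from the example: Manage on both libraries.
    print(effective_grants([("Manage", f"{UUID_A},{UUID_B}")]))
```

An organizer for which `is_covered` returns False receives no role from these mappings, which is the situation the SAML Administrator note above warns about for newly created organizer accounts.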
Shared Data Constraint: Organization
The shared municipal data constraint is initially linked to a predefined UUID issued by Place2Book.
This UUID corresponds to the Organizational Unit returned by Organization v6 as the organizational entity associated with the municipality’s CVR number.
This UUID can be changed by Place2Book per municipality and issued to municipal IT departments once a SAML agreement is in place.
Recommendation
Place2Book recommends assigning the SAML Administrator role with this data constraint to the IT department, central IT, or similar authority responsible for:
- Service Platform
- SAML / AD
- User and access management
This ensures that future employees can handle IT support cases for libraries and other municipal units using (or planning to use) Place2Book.