Domain Configuration

The domain provisioned for Slate will be used for both its public-facing and administrative resources. The public-facing resources will be wrapped into your HTML template, and the root of this site will redirect back to your main website. The domain will be for the exclusive use of Slate, and you will therefore need to select a subdomain that is not currently being utilized. Popular admissions domains include “apply”, “admissions”, “connect”, and “engage”, and popular advancement domains include “advance”, “give”, and “connect”.

In the DNS zone file entries below, make special note of the technolutions.net domains used as well as the spelling of Technolutions. Although our company website and email addresses use technolutions.com, our infrastructure addresses use the technolutions.net domain. When the subdomain has been created and is active, visiting that domain will return a page that says “This website is temporarily unavailable. Please try again later.” This message is your confirmation that the subdomain has been created.

The domain configuration will vary based upon whether the instance is sited in the United States, Canada, European Union, or Asia Pacific region.

UNITED STATES:         apply.university.edu IN CNAME cluster.technolutions.net
CANADA:                     apply.university.edu IN CNAME cluster.ca-central-1.technolutions.net
EUROPEAN UNION:    apply.university.edu IN CNAME cluster.eu-west-1.technolutions.net
ASIA PACIFIC:              apply.university.edu IN CNAME cluster.ap-northeast-1.technolutions.net

DKIM Configuration

In order to help ensure the delivery of emails sent through Slate, we recommend adding the following DKIM entries to your DNS, substituting university.edu for your email domain.

slate-mx.university.edu              IN CNAME sg.technolutions.net.
slt._domainkey.university.edu    IN CNAME slt._domainkey.technolutions.net.
slt2._domainkey.university.edu  IN CNAME slt2._domainkey.technolutions.net.

Single Sign-On

Slate supports the following single sign-on and authentication/identity providers. Providers are listed in two tiers. For each provider, we have listed the information you will need to send us and configuration actions you will need to take.

The single sign-on is used only for administrative logins. End-users will not need accounts with the single sign-on, as they will be issued credentials by Slate and will directly authenticate through Slate. Please allow-list our outbound IPs of 34.197.57.115, 34.197.58.165, and 35.161.51.209 if this machine is firewalled.

Tier 1 (Preferred)

CAS

• Allow-list the Slate domain (e.g., apply.university.edu) if operating the CAS server in an allow-list-only mode

• The service endpoints for /login, /logout, and /serviceValidate

SAML / SHIBBOLETH / AZURE AD / ADFS

• Your metadata URL

• The attribute name through which you will release the user ID (uid, sAMAccountName, etc.), or whether it will be released as the name-id; no other attributes need to be released

• Logout URL, if applicable

• We will send you a link to our metadata to add to the profile as a service provider

Tier 2 (Secondary)

LDAP / ACTIVE DIRECTORY

• Your host name, protocol (LDAP, LDAPS), and port

• Service account credentials, if those are required to connect

• Base DN

• User ID attribute (uid, sAMAccountName, etc.)