Getting Started with Slate
To hit the ground running, there are some basic initial set-up tasks that need to be completed by the institution.
The domain provisioned for Slate will be used for both its public-facing and administrative resources. The public-facing resources will be wrapped into your HTML template, and the root of this site will redirect back to your main website. The domain will be for the exclusive use of Slate, and you will therefore need to select a subdomain that is not currently being utilized. Popular admissions domains include “apply”, “admissions”, “connect”, and “engage”, and popular advancement domains include “advance”, “give”, and “connect”.
In the DNS zone file entries below, make special note of the technolutions.net domains used as well as the spelling of Technolutions. Although our company website and email addresses use technolutions.com, our infrastructure addresses use the technolutions.net domain. When the subdomain has been created and is active, visiting that domain will return a page that says “This website is temporarily unavailable. Please try again later.” This message is your confirmation that the subdomain has been created.
The domain configuration will vary based upon whether the instance is sited in the United States, Canada, European Union, or Asia Pacific region.
apply.university.edu IN CNAME cluster.technolutions.net
apply.university.edu IN CNAME cluster.ca-central-1.technolutions.net
apply.university.edu IN CNAME cluster.eu-west-1.technolutions.net
apply.university.edu IN CNAME cluster.ap-northeast-1.technolutions.net
In order to help ensure the delivery of emails sent through Slate, we recommend adding the following DKIM entries to your DNS, substituting university.edu for your email domain.
slate-mx.university.edu IN CNAME sg.technolutions.net. slt._domainkey.university.edu IN CNAME slt._domainkey.technolutions.net. slt2._domainkey.university.edu IN CNAME slt2._domainkey.technolutions.net.
Slate supports the following single sign-on and authentication/identity providers. Providers are listed in two tiers. For each provider, we have listed the information you will need to send us and configuration actions you will need to take.
The single sign-on is used only for administrative logins. End-users will not need accounts with the single sign-on, as they will be issued credentials by Slate and will directly authenticate through Slate. Please allow-list our outbound IPs of 220.127.116.11, 18.104.22.168, and 22.214.171.124 if this machine is firewalled.
Tier 1 (Preferred)
Allow-list the Slate domain (e.g., apply.university.edu) if operating the CAS server in an allow-list-only mode
The service endpoints for /login, /logout, and /serviceValidate
SAML / SHIBBOLETH / AZURE AD / ADFS
Your metadata URL
The attribute name through which you will release the user ID (uid, sAMAccountName, etc.), or whether it will be released as the name-id; no other attributes need to be released
Logout URL, if applicable
We will send you a link to our metadata to add to the profile as a service provider
Tier 2 (Secondary)
LDAP / ACTIVE DIRECTORY
Your host name, protocol (LDAP, LDAPS), and port
Service account credentials, if those are required to connect
User ID attribute (uid, sAMAccountName, etc.)