Below you can find instructions on how to configure single sign-on (SSO) for your district.
Before beginning, let your customer success manager know which staff will be setting up SSO so that we can make sure they have access to the SSO interface within the platform.
Log in to the platform > click Account > Management > SSO > Set up SSO Connection
Select your identity provider, or click custom SAML or custom OIDC.
If you select an existing provider, follow the instructions on the screen.
When configuring the connection in your identity provider, you will need to include the following claims:
First name
Last name
Email
Schools the user should have access to, provided as a single array of school ids stored in a field labeled schoolIds. Example:
schoolIds: [001, 002, 003]
We expect the ids used in the claims to match the ids provided in the data exports. If the identity provider uses a different set of ids, please provide your customer success manager with a mapping of the identity provider ids to the school ids provided in your data exports.
If you have staff that are assigned administrative ids and should have access to all schools in the district, please notify your customer success manager of how these staff can be identified. For example, all staff with ids starting with a 9 or an A.
If you need to assign different groups of staff to different types of roles, for example, some with access to student level data and some without, you can provide a group claim and map the groups to different roles within the platform. Your default access should most likely be either: Full Access w/ Truancy Approval or Full Access (w/o truancy approval), depending on whether you use our truancy product. If you have questions, please ask your customer success manager.
After setting up the SSO connection, you will need to claim your domain. This is to identify which users should be routed through your SSO. The domain should be everything that comes after '@' in your district email accounts. If needed, you can configure multiple domains.
Please confirm the setup is fully configured with your customer success manager before setting SSO live for all of your users.
Any user connecting to the platform for the first time through SSO will be provisioned with a new account. Please do not bulk provision users.
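The following is an added example, not part of the platform or its documentation: a check a district administrator could run on a test user's decoded claims before going live, confirming that the required claims are present, that the email domain is one you claimed, and that schoolIds is a single array whose ids match the data export. The claim names firstName, lastName and email, the sample values, and the choice to send ids as strings (a numeric value cannot carry the leading zeros of an id such as 001) are assumptions.

```python
# Added example: pre-go-live check of one user's decoded SSO claims.
# Assumptions: claim names other than schoolIds, and ids sent as strings.
REQUIRED = ("firstName", "lastName", "email")  # assumed claim names


def check_claims(claims, export_school_ids, claimed_domains):
    """Return a list of problems; an empty list means the claims look right."""
    problems = []
    for name in REQUIRED:
        value = claims.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty claim: {name}")

    # The part after '@' must be one of the domains claimed for SSO routing.
    email = claims.get("email")
    if isinstance(email, str) and email.strip():
        domain = email.rsplit("@", 1)[-1].lower() if "@" in email else ""
        if domain not in {d.lower() for d in claimed_domains}:
            problems.append(f"email domain not claimed: {domain or '(none)'}")

    school_ids = claims.get("schoolIds")
    if not isinstance(school_ids, list):
        problems.append("schoolIds must be a single array")
        return problems
    for sid in school_ids:
        if not isinstance(sid, str):
            # A numeric 1 cannot be matched against the export id "001".
            problems.append(f"schoolIds entry is not a string: {sid!r}")
        elif sid not in export_school_ids:
            problems.append(f"schoolIds entry not in data export: {sid}")
    return problems


# Constructed sample data, not taken from any real district.
EXPORT_IDS = {"001", "002", "003"}
DOMAINS = ["district.example"]
GOOD = {"firstName": "Ana", "lastName": "Lee",
        "email": "ana.lee@district.example", "schoolIds": ["001", "003"]}
BAD = {"firstName": "Sam", "lastName": "", "email": "sam@other.example",
       "schoolIds": [1, "999"]}

if __name__ == "__main__":
    for label, claims in (("good", GOOD), ("bad", BAD)):
        print(label, check_claims(claims, EXPORT_IDS, DOMAINS))
```

Any problem the check reports is worth resolving with your customer success manager before SSO is set live, since first-time SSO users are provisioned from these claims.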