
Workflow to connect a school’s IDP for SSO

Supported IDP

Any service that supports SAML, such as Microsoft Entra or Okta.

Steps

For any IDP integration, an application is required to communicate with our services.

Microsoft Entra

  • Log in to Microsoft Entra with Administrator access

  • Navigate to Identity → Applications → Enterprise Applications

  • Click + New Application

  • Click + Create your own application

  • Enter “DegreeAnalytics Integration” for the application name

  • Make sure that “Integrate any other application you don’t find in the gallery” is selected

  • Click the Create button

  • Set up your users for the app by either assigning them directly to the app or adding them to user groups and assigning those groups

  • Select the Set up single sign on → Get started link

  • Select the SAML option

School Requirements

The school will need to supply the following:

  • The App Federation Metadata Url found in the SAML Certificates section

  • A comprehensive list of the domain names that users will use to log in. These will be unique to the school and will allow proper authorization to school resources.

Copy the App Federation Metadata Url

Degree Analytics Requirements

Degree Analytics will supply two values needed to complete the application process.

  • The Identifier ID

  • The Reply Url

  • Click Edit

  • Enter the Identifier ID and Reply Url

  • Click Save

Configuring the Token claims

There are 3 required claims needed to use the integration: email, name, daadmin. email and name are default values that are supplied by your IDP. daadmin is a custom attribute that must be added and passed to manage which users are admins.

  • Click Edit

The claims will need to be configured to work with the Degree Analytics IDP integration. Note: Depending on how the Entra account is managed, the Source attribute might be different.

  • email → user.mail

  • name → user.displayname

  • daadmin

    • This can be configured multiple ways depending on how the school has their Entra account configured. It must return an integer value of 1 or 0. This will control which users are admins in the app. If this value is not passed in, the user will be assumed to not be an admin.

  • givenname → user.givenname (Optional)

  • lastname → user.surname (Optional)
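
How a service provider could read these claims out of the SAML assertion, as an added example (not Degree Analytics' code). It assumes the assertion's signature has already been verified, that the school's domain list is checked against the email claim, and that a daadmin value other than 1 or 0 is rejected rather than ignored; the function names and sample values are constructed.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: an AttributeStatement carrying the claims listed above.
# With an empty Namespace, each Attribute Name is the bare claim name.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{ASSERTION_NS}">
  <saml:Attribute Name="email"><saml:AttributeValue>pat@example.edu</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="name"><saml:AttributeValue>Pat Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="daadmin"><saml:AttributeValue>1</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def read_claims(xml_text):
    """Return {claim name: [values]} for every Attribute in the statement.

    Assumption: the caller has already verified the assertion's signature.
    """
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iter(f"{{{ASSERTION_NS}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall(f"{{{ASSERTION_NS}}}AttributeValue")]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def evaluate(claims, allowed_domains):
    """Apply the claim rules; allowed_domains is a set of lowercase domains."""
    for required in ("email", "name"):
        values = claims.get(required, [])
        if len(values) != 1 or not values[0]:
            raise ValueError(f"missing or multi-valued claim: {required}")
    email = claims["email"][0].lower()
    local, _, domain = email.rpartition("@")
    if not local or domain not in allowed_domains:
        raise ValueError("email domain is not on the school's list")
    raw = claims.get("daadmin", [])
    if not raw:
        is_admin = False  # claim not passed in: user is assumed not an admin
    elif len(raw) == 1 and raw[0] in ("0", "1"):
        is_admin = raw[0] == "1"
    else:
        # Assumption of this example: "true", "yes", or several values are
        # treated as a misconfigured claim, never as an admin grant.
        raise ValueError("daadmin must be a single integer 1 or 0")
    return {"email": email, "name": claims["name"][0], "is_admin": is_admin}
```
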

An example of modifying the claim. NOTE: Namespace should be empty.

Once completed, the claim section should look like

Degree Analytics Integration
