Authentication
Workflow to connect a school’s IDP for SSO
Supported IDP
Any service that supports SAML, such as Microsoft Entra or Okta.
Steps
For any IDP integration, an application is required to communicate with our services.
Microsoft Entra
Log in to Microsoft Entra with Administrator access
Navigate to Identity → Applications → Enterprise Applications
Click + New Application
Click + Create your own application
Enter “DegreeAnalytics Integration” for the application name
Make sure that “Integrate any other application you don’t find in the gallery” is selected
Click the Create button
Set up your users for the app by either assigning them directly to the app or adding them to user groups and assigning those groups
Select the Set up single sign on → Get started link
Select the SAML option
Entra School Requirements
The school will need to supply the following:
The App Federation Metadata Url found in the SAML Certificates section
A comprehensive list of the domain names that users will use to log in. These will be unique to the school and will allow proper authorization to school resources.
Copy the App Federation Metadata Url
Entra Degree Analytics Requirements
Degree Analytics will supply two values needed to complete the application process.
The Identifier ID
The Reply Url
Click Edit
Enter the Identifier ID and Reply Url
Click Save
Entra Configuring the Token claims
The integration requires two claims: email and name. Both are default values supplied by your IDP.
Click Edit
The claims will need to be configured to work with the Degree Analytics IDP integration. Note: Depending on how the Entra account is managed, the Source attribute might be different.
email → user.mail
name → user.displayname
given_name → user.givenname (Optional)
family_name → user.surname (Optional)
NOTE: When modifying a claim, the Namespace should be empty.
Once completed, the claim section should look like
Okta
Log in to your Okta account with Administrator access
Navigate to Identity → Applications → Enterprise Applications
Click + New Application
Click Create App Integration and select the SAML 2.0 option
Enter Application Name
Click Next
Enter the Single sign-on URL and Audience URI supplied by DegreeAnalytics
Okta Configuring the Token claims
The integration requires two claims: email and name. Both are default values supplied by your IDP.
The claims will need to be configured to work with the Degree Analytics IDP integration. Note: Depending on how the Okta account is managed, the Value might be different.
email → user.mail
name → user.displayname
given_name → user.givenname (Optional)
family_name → user.surname (Optional)
Click Next
Click Finish
Once the application is created, navigate to the Sign On tab and copy the Metadata URL. This will be supplied to Degree Analytics to finalize the integration.
Set up your users for the app by navigating to the Assignments tab. Users can be assigned either directly to the app or through user groups.
Okta School Requirements
The school will need to supply the following:
The App Federation Metadata Url found in the SAML Certificates section
A comprehensive list of the domain names that users will use to log in. These will be unique to the school and will allow proper authorization to school resources.
Okta Degree Analytics Requirements
Degree Analytics will supply two values needed to complete the application process.
Audience URI
Single sign-on URL
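A check for the claim mappings in the Entra and Okta sections above and for the domain list the school supplies, added here as an example (not Degree Analytics code): it reads the AttributeStatement of a SAML assertion captured from a test login and reports claims that are missing or still namespace-qualified. The sample assertion, the school.example domain and the function names are constructed for illustration; the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "name")  # the two required claims; given_name/family_name are optional

# Constructed sample: AttributeStatement from a test login in which the
# "name" claim was left with a namespace instead of the bare claim name.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@school.example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_claims(assertion_xml):
    """Map each Attribute Name to the text of its first AttributeValue."""
    root = ET.fromstring(assertion_xml)  # use only on assertions from your own test login
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        claims[attr.get("Name", "")] = (value.text or "").strip() if value is not None else ""
    return claims


def check_claims(assertion_xml, allowed_domains):
    """Return a list of problems; an empty list means the mapping matches."""
    claims = read_claims(assertion_xml)
    problems = []
    for required in REQUIRED:
        if claims.get(required):
            continue
        # A name ending in "/email" or "/name" means the namespace was not cleared.
        qualified = [n for n in claims if n.endswith("/" + required)]
        if qualified:
            problems.append(f"{required}: sent as '{qualified[0]}', clear the namespace")
        else:
            problems.append(f"{required}: required claim missing or empty")
    email = claims.get("email", "")
    domain = email.rpartition("@")[2].lower()
    if email and domain not in {d.lower() for d in allowed_domains}:
        problems.append(f"email: domain '{domain}' is not in the supplied domain list")
    return problems


if __name__ == "__main__":
    for problem in check_claims(SAMPLE_ASSERTION, ["school.example"]):
        print(problem)
```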