Work flow to connect a school’s IDP for SSO

Supported IDP

Any service that supports SAML such as Microsoft Entra, Okta, etc

Steps

For any IDP integration, an application is required to communicate with our services.

Microsoft Entra

• Login to your Microsoft Entra with Administrator access

• Navigate to Identity → Applications → Enterprise Applications

• Click + New Application

Open

• Click + Create your own application

Open

• Enter “DegreeAnalytics Integration” for the application name

• Make sure that “Integrate any other application you don’t find in the gallery” is selected

• Click the Create Button

Open

• Setup your users for the app by either assigning them directly to the app or add them to user groups and assign those

Open

• Select the Set up single sign on → Get started link

• Select the SAML option

Open

Entra School Requirements

The school will need to supply the following:

• The App Federation Metadata Url found in the SAML Certificates section

• A comprehensive list of the domain names that users will utilize to login. These will be unique to the school and will allow proper authorization to school resources

Open

• Copy the App Federation Metadata Url

Entra Degree Analytics Requirements

Degree Analytics will supply two values needed to complete the application process.

• The Identifier ID

• The Reply Url

Open

• Click Edit

• Enter the Identifier ID and Reply Url

• Click Save

Open

Entra Configuring the Token claims

There are 2 required claims needed to use the integration: email, name. email and name are default values that are supplied by your IDP.

Open

• Click Edit

The claims will need to be configured to work with the Degree Analytics Idp Integration. Note: Depending on how the Entra account is managed, the Source attribute might be different

• email → user.mail

• name → user.displayname

• given_name → user.givenname (Optional)

• family_name → user.surname (Optional)

An example of modifying the claim. NOTE: Namespace should be empty

Open

Once completed, the claim section should look like

Open

Okta

• Login to your Okta account with Administrator access

• Navigate to Identity → Applications → Enterprise Applications

• Click + New Application

Open

• Click Create App Integration and select the SAML 2.0 option

Open

• Enter Application Name

Open

• Click Next

• Enter the Single sign-on URL and Audience URI supplied by DegreeAnalytics

Open

Okta Configuring the Token claims

There are 2 required claims needed to use the integration: email, name. email and name are default values that are supplied by your IDP.

The claims will need to be configured to work with the Degree Analytics Idp Integration. Note: Depending on how the Okta account is managed, the Value might be different

• email → user.mail

• name → user.displayname

• given_name → user.givenname (Optional)

• family_name → user.surname (Optional)

Open

• Click Next

• Click Finish

• Once the application is created, navigate to the Sign On tab and copy the Metadata URL. This will be supplied to Degree Analytics to finalize the integration

Open

• Setup your users for the app by navigating to the Assignments tab. Users can be assigned either directly to the app or user groups

Open

Okta School Requirements

The school will need to supply the following:

• The App Federation Metadata Url found in the SAML Certificates section

• A comprehensive list of the domain names that users will utilize to login. These will be unique to the school and will allow proper authorization to school resources

Okta Degree Analytics Requirements

Degree Analytics will supply two values needed to complete the application process.

• Audience URI

• Single sign-on URL