As a customer of WeSchool, you have the convenience of accessing the platform through your organization's Identity Provider (IdP). This means there's no need to manage a separate email and password for WeSchool, streamlining your sign-in process and enhancing security.
SSO (Single Sign-On) is a user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. The beauty of SSO is its simplicity; it streamlines the login process by reducing password fatigue, minimizing the chance of phishing, improving user experience, and enhancing security protocols.
What SSO providers are supported?
Currently, WeSchool supports Microsoft Azure AD as the default identity provider for SSO. This means that organizations using Azure AD can easily connect their directory with WeSchool, allowing users to access our platform with their existing Azure AD credentials.
If your organization utilizes an SSO provider other than Microsoft Azure AD, please reach out to firstname.lastname@example.org. We will explore the possibility of supporting your specific SSO solution.
My organization wants to enable single sign-on. How do we do that?
If you’re already in communication with our sales team, please ask your sales rep. If you are exploring the WeSchool platform and haven’t yet communicated with someone from our team, contact email@example.com to enable SSO for your organization.
We will need the following information to enable SSO for your organization:
- The user's email domain
  - Example: @customer-name.com
- The external identity provider (IdP) configuration values, including:
  - The single sign-on URL
  - The log out URL
  - The signing certificate
Test Environment Integration:
- Provide WeSchool with your Azure AD metadata.
- Add test user accounts in Azure AD.
- Input your Azure AD metadata into the WeSchool SSO configuration.
- Share WeSchool SSO service details and metadata with you.
- Collaboratively verify the SSO workflow, ensuring seamless authentication.
Production Environment Integration:
- Send the Azure AD metadata to WeSchool tailored for the production environment.
- Implement the WeSchool metadata into your Azure AD setup.
- Enroll production user accounts in Azure AD and link them to the WeSchool platform.
Validation and Approval:
- Perform a comprehensive test of the SSO functionality in the production setting.
- Approve the activation of SSO for the production launch.
- Inform your end-users about the commencement of SSO services.
Data Parameters Requirement:
From the Customer to WeSchool:
- Configured Azure AD domain(s) for SSO (e.g., @customer-name.com) and Tenant ID
- Azure AD metadata file or URL
- Defined SAML attributes and required protocols, such as:
  - Unique User Identifier (NameID)
  - User Principal Name (UPN)
  - Full Name
  - Email Address
- Azure AD SSO endpoint URL and Binding (HTTP POST or HTTP REDIRECT)
- X509 Certificate from Azure AD (to authenticate signed assertions)
- Designated primary user identity field
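Before the metadata file is sent, it can be checked for the values listed above: the SSO endpoints with their bindings, the log out URL and the signing certificate. The Python sketch below is an added example, not WeSchool or Microsoft code; the function name, sample metadata, tenant ID, entity ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for metadata fetched from a URL, prefer defusedxml

SAML = "urn:oasis:names:tc:SAML:2.0:"
NS = {"md": SAML + "metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = {SAML + "bindings:HTTP-POST": "HTTP POST",
            SAML + "bindings:HTTP-Redirect": "HTTP REDIRECT"}
# Constructed sample: placeholder tenant ID and placeholder bytes, not a real certificate.
URL = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"
CERT_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{SAML}metadata" entityID="https://idp.example/">
  <IDPSSODescriptor protocolSupportEnumeration="{SAML}protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(CERT_DER).decode()}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{SAML}bindings:HTTP-Redirect" Location="{URL}"/>
    <SingleSignOnService Binding="{SAML}bindings:HTTP-Redirect" Location="{URL}"/>
    <SingleSignOnService Binding="{SAML}bindings:HTTP-POST" Location="{URL}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def summarize_idp_metadata(xml_text):
    """Extract the values the customer sends, plus problems to fix before sending."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = [(BINDINGS[e.get("Binding")], e.get("Location", ""))
           for e in idp.findall("md:SingleSignOnService", NS) if e.get("Binding") in BINDINGS]
    logout = [e.get("Location", "") for e in idp.findall("md:SingleLogoutService", NS)]
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no "use" attribute: key serves both purposes
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())  # compare out of band
    problems = [f"endpoint is not HTTPS: {u}"
                for u in [loc for _, loc in sso] + logout if not u.startswith("https://")]
    if not sso:
        problems.append("no SSO endpoint with an HTTP POST or HTTP REDIRECT binding")
    if not logout:
        problems.append("no log out URL")
    if not prints:
        problems.append("no signing certificate")
    return {"entity_id": root.get("entityID"), "sso": sso, "logout": logout,
            "signing_cert_sha256": prints, "problems": problems}
```

Reading the SHA-256 fingerprint aloud or sending it over a second channel lets both sides confirm that the certificate configured on the other end is the one that was exported.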
From WeSchool to the Customer:
- WeSchool metadata file or configuration details
- Assertion Consumer Service (ACS) URL
- WeSchool Entity ID for SAML integration
- WeSchool X509 Certificate (for signing SAML assertions)
By following these steps, you can ensure a secure, effective Azure AD SSO integration for both the testing phase and the full production rollout. Testing in the test environment is crucial before you proceed to the production environment to ensure a smooth transition and go-live process.