**IMPORTANT** Activating SAML authentication will prevent users from logging in with a SchoolObjects account. If you activate SAML with errors in the configuration, you will not be able to log in, and you will need to contact the Eduphoria support team to disable SAML. Eduphoria's support team must be told when your district is making the configuration change so they can be on standby.
Note: This allows users to log in with their Azure AD credentials, but it will not create users in Eduphoria if they do not already exist. If a user tries to log in with their Azure AD credentials and does not have an account in Eduphoria, they will get an error message stating that the account does not exist. Users can be manually created in Eduphoria, or synced from Active Directory automatically via our AD Sync Tool.
To support electronic signatures with SAML, we must require users to authenticate with the IdP every time they access the software. This ensures that the proper user is logged in if a different user signed a document on the machine earlier.
SAML authentication is optional and is hidden by default. Email firstname.lastname@example.org to enable the SAML configuration tab.
The following instructions walk you through the process of setting up Microsoft Azure AD and Eduphoria, so your users can log in to Eduphoria with their Microsoft Azure AD account.
Microsoft Azure AD Configuration
Step 1: In a browser, navigate to https://portal.azure.com/ and log in.
Step 2: From the portal menu, select Azure Active Directory.
Step 3: Select Enterprise applications.
Step 4: Click the New application button.
Step 5: On the Browse Azure AD Gallery screen, select Create your own application.
Step 6: On the Create your own application screen, select the Integrate any other application you don’t find in the gallery (Non-gallery) option. Then, click Create.
Step 7: In the new screen, type Eduphoria in the Name dialog box, and click Add. On the Overview pane, select 1. Assign users and groups.
Click Add user, then select Users and groups.
In the search box, search for and select the users and groups who will be allowed to log in to Eduphoria. Users and groups have to be selected here, or they will not be able to log in. Click the Select button, then click the Assign button on the next screen.
Step 8: Select Single Sign-On.
Select the SAML option.
Step 9: In the Basic SAML Configuration section, click the pencil icon to edit and then update the Identifier (Entity ID) and Reply URL with the information below. When finished, click Save. Don't make any other changes to this section.
Identifier (Entity ID): urn:eduphoria.schoolobjects.web
Reply URL: https://districturl.schoolobjects.com/AuthHosted/Saml2/AssertionConsumerService
(Replace districturl with your district’s customized Eduphoria URL.)
Step 10: In the SAML Signing Certificate section, download the Certificate (Base64), and save it somewhere you can easily find it. You will need access to the certificate when you are configuring Eduphoria in the steps below.
Step 11: In the Set up Eduphoria section, copy the Login URL and paste it somewhere handy (like Notepad), or leave this page open. You will need it when you are configuring Eduphoria in the steps below.
Eduphoria Configuration
Step 1: From the home screen in SchoolObjects, click the Management icon.
Step 2: Click on Directory Services.
Step 3: Select the SAML tab.
DO NOT check the box to Enable SAML2 until everything has been configured and you are ready to test. Clicking this box will require a login through SAML, and regular SchoolObjects logins will no longer work.
Step 4: Paste the Login URL from Azure into BOTH the SAML2 Single Sign in URI and SAML2 Single Sign out URI boxes. These two boxes should be identical.
Step 5: Navigate to where you saved the Certificate (Base64) from Azure. Right-click it and open it with Notepad.
Copy everything between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, but do not copy the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines themselves.
Paste the certificate info into the SAML2 Public Signing Certificate box.
Step 6: Check the Enable SAML2 box, and click Save.
Whenever a user navigates to your custom Eduphoria URL (districturl.schoolobjects.com) after a successful configuration, it will take them to the MS Azure authentication screen to log in.
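Because a bad configuration locks out every login, the values from Step 9 and from Steps 4 and 5 of the Eduphoria configuration can be checked before the Enable SAML2 box is ticked. The following is an added example, not Eduphoria or Microsoft code: it extracts the certificate body, rejects a paste that includes the BEGIN/END lines or is truncated, and checks the Reply URL and the two URI boxes. The function names, the `idp.example` URL and the sample certificate bytes are constructed for illustration. The returned SHA-1 thumbprint can be compared with the one the IdP displays for its signing certificate, assuming it displays one.

```python
import base64, binascii, hashlib, re

# Path from the Reply URL in Step 9 of this page.
ACS_PATH = "/AuthHosted/Saml2/AssertionConsumerService"

def cert_body(pem_text):
    """Return the Base64 text between the BEGIN/END lines as one string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("BEGIN/END CERTIFICATE lines not found")
    return "".join(m.group(1).split())

def check_body(body):
    """Validate the text to be pasted; return the SHA-1 thumbprint of its DER bytes."""
    if "-----" in body:
        raise ValueError("BEGIN/END lines must not be pasted")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc
    if len(der) < 2 or der[0] != 0x30:          # a certificate is one DER SEQUENCE
        raise ValueError("not a DER certificate")
    n = der[1] & 0x7F if der[1] & 0x80 else 0   # long-form length uses n extra bytes
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if length != len(der) - 2 - n:
        raise ValueError("length mismatch: paste is truncated or has extra data")
    return hashlib.sha1(der).hexdigest().upper()

def check_settings(reply_url, sign_in_uri, sign_out_uri):
    """Return a list of problems with the Reply URL and the two SAML2 URI boxes."""
    problems = []
    m = re.fullmatch(r"https://([A-Za-z0-9-]+)\.schoolobjects\.com"
                     + re.escape(ACS_PATH), reply_url)
    if not m:
        problems.append("Reply URL does not match the documented form")
    elif m.group(1).lower() == "districturl":
        problems.append("Reply URL still contains the districturl placeholder")
    if sign_in_uri != sign_out_uri:
        problems.append("Sign in and Sign out URIs are not identical")
    return problems

# Constructed sample: outer DER framing only, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("thumbprint:", check_body(cert_body(SAMPLE_PEM)))
```

To check a real download, pass the text of the saved Certificate (Base64) file to `cert_body` instead of `SAMPLE_PEM`.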