Active Directory Remote Authentication


Eduphoria offers an Active Directory (AD) Remote Authentication tool to help districts manage user accounts and eliminate the need for multiple passwords for Windows users. The tool currently does not support Mac users. 

Note: Eduphoria supports a single external Identity Provider (IdP). Students cannot use a different IdP than staff.

What the AD Remote Authentication Tool Does

Eduphoria’s Active Directory Remote Authentication tool allows your users to log in to Eduphoria with their Active Directory account. This is typically the same account teachers and staff use for their district email. 

This tool can save time and frustration for users and district support staff. When an Active Directory account is activated, the account for Eduphoria is also activated on the first login. When the user changes their Active Directory account password, the user or support staff does not need to separately update the Eduphoria password.

How the AD Remote Authentication Tool Works

Users authenticate to Active Directory from a lightweight remote authentication server that is installed inside your district. Once authenticated on that server, they are redirected to our platform with a secure OAuth2 token, which identifies them to our servers.

From a user’s perspective, it looks as if they are logging directly into our platform with their Active Directory account.


Why the AD Remote Authentication Tool Is So Great

When a district uses the AD Remote Authentication tool, Active Directory credentials are never sent over the web. Accounts are securely managed by the district via their existing Active Directory tools. Username changes go into effect the next time a user logs in, meaning there is no need to manually update or wait for a nightly sync. 

The tool keeps all your district user accounts up-to-date and ensures district password security measures are maintained without increasing IT staff workload.

Setting up the AD Remote Authentication Tool

Step 1: Review the remote authentication server requirements.

Step 2: Begin building the remote authentication server.

Step 3: Email Eduphoria Technical Support to complete the integration.

Remote Authentication Server Requirements

Districts must provide a web server that meets the following minimum requirements:

  • Windows Server 2016 or later

  • Server Grade Intel Processor

  • 8GB of RAM

  • 80GB HDD Space on C:

  • HTTP (80) and HTTPS (443) access from the internet

  • Public DNS entry (ex. eduphoria.districtisd.org)

  • Valid SSL certificate

  • Access on 443 for SSL

  • Member of Active Directory Domain

  • AD Group or Groups that will be allowed to log in

  • AD Accounts that will be logging in must have an email address defined in Active Directory 

Depending on current account management settings, districts may be required to create an application-specific password for initial setup on the AD Sync Tool, the Aware Plain Paper Scanning Tool, and the Remote Roster Tool.
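
A pre-flight check for the requirements above, run on the intended server before contacting support. This is an added example, not Eduphoria's own tooling. The group name Eduphoria-Users is a placeholder, the 80 GB figure is assumed to mean volume size, and the account check needs the ActiveDirectory PowerShell module (RSAT).

```powershell
# Added example: pre-flight check against the server requirements listed above.
# $AllowedGroup is a hypothetical group name; replace it with your own.
param(
    [string]$AllowedGroup = 'Eduphoria-Users'   # placeholder, not from Eduphoria
)

$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='C:'"

$checks = [ordered]@{
    # ProductType 1 is a workstation; build 14393 is Windows Server 2016
    'Windows Server 2016 or later' = ($os.ProductType -ne 1) -and ([int]$os.BuildNumber -ge 14393)
    # Rounded, because reserved memory makes an 8 GB machine report slightly less
    '8 GB of RAM'                  = [math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 8
    # Assumption: the 80 GB requirement refers to volume size, not free space
    '80 GB on C:'                  = [math]::Round($disk.Size / 1GB) -ge 80
    'Member of an AD domain'       = [bool]$cs.PartOfDomain
}

$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Requirement = $_.Key; Met = $_.Value }
} | Format-Table -AutoSize

# Accounts that will log in must have an email address defined in AD.
# -Recursive also walks nested groups, so nested members are included.
Import-Module ActiveDirectory -ErrorAction Stop
$noMail = Get-ADGroupMember -Identity $AllowedGroup -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties mail |
    Where-Object { [string]::IsNullOrWhiteSpace($_.mail) }

"{0} account(s) in '{1}' have no email address:" -f @($noMail).Count, $AllowedGroup
$noMail | Select-Object SamAccountName, Enabled, DistinguishedName |
    Format-Table -AutoSize
```

Accounts listed by the last step need the email attribute populated in Active Directory before their first login.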

Active Directory Remote Authentication Tool Checklist

  • User accounts match Active Directory? Yes

  • Passwords match Active Directory? Yes

  • Server requirements? Yes - see above requirements

  • Onsite installed tools? Yes - Eduphoria staff will download the AD Remote Authentication tool

  • District URL? District can choose URL: it can be the same as current onsite server URL

  • Aware Plain Paper Scanning, Remote Roster Tool, and AD Sync Tool: Application-specific password for initial setup only

Setting up Student Groups for Active Directory

If a student needs to log in to Eduphoria and you would like them to authenticate with their AD credentials, you can establish them in Student Groups. By doing so, students will not need a separate password for Eduphoria.

Step 1: Navigate to the Student Groups tab and upload the necessary information into the tool.

Note: Students must be in a single Student Group or be nested in a Student Group within the top-level Student Group. For instance, a top-level Student Group named All Students may have sub-groups within it like High School Students, Elementary Students, etc.


Step 2: Navigate to Directory Services & Student Sign-On in Management.

Step 3: Open the Alternative Student Sign-On tab, and select the box next to Students log in with alternate method.


Note: Student usernames in Active Directory must match the student local ID in Eduphoria. If they don't, contact Eduphoria support.

The login process for a student functions the same as it does for regular staff members.