<aside>
💡 Note: SchooLinks SAML configuration is an add-on feature and must be requested through a customer success team member or implementation manager. The cost to enable and configure will be provided by your implementation manager. SchooLinks SAML is only available for IDP-initiated requests, meaning that the launch point and initial request must be made on the district side and once the user has been authenticated via the identity provider, a SAML request must be made to the SchooLinks platform.
</aside>
<aside>
💡 Prerequisite: Rostering has been completed for users who intend to use SAML (including Students, K12 Admins, and Guardians)
</aside>
Steps to configure and enable SAML
- Importing SchooLinks SAML Metadata in District system
- District IT imports into their system https://app.schoolinks.com/saml2/metadata/
- [Optional] - Schoolinks Engineering has a 30-60 min call supporting district import metadata and creating a SAML app in their respective system
- Importing District SAML Metadata for SchooLinks
-
District generates SAML metadata file with correct attributes.
- The primary attribute that is required is the email address which should be provided as a NameID, for example:
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
- [Optional] SchooLinks Engineering has a 30-60 min call to support the district in generating metadata file with correct attributes
- SchooLinks Engineering imports metadata file into the SchooLinks app
- SchooLinks Engineering production deployment
- Testing and Triaging SAML requests from the District launch point to Schoolinks
- Users’ scopes for SAML should be able to authenticate via the District authentication system and be redirected to SchooLinks Dashboard
- (Optional) - Schoolinks Engineering has a 30-60 min call to support the district in triaging and debugging unsuccessful SAML requests to SchooLinks and assists the district modify the metadata file to ensure successful authentication