Step 1 – Configure SAML Application in your IDP
Choose the guide below to see examples of how to configure your IDP. If your IDP is not listed, please review the Okta guide as it tends to be the most helpful for less common applications:
- Google SAML V2 Integration
- Classlink SAML V2 Setup Guide
- Okta SAML V2 Setup Guide
- Azure Active Directory SAML V2 Setup Guide
- OneLogin SAML V2 Setup Guide
Once your IDP is configured, proceed to Step 2 below.
Video instructions for SAML Role Mapping
You'll need to play the video in full-screen mode to see the relevant details.
If you'd prefer to use written instructions, please continue to Step 2 below.
Step 2 – Configure Digital Campus SAML Authentication
- Log into your Digital Campus portal and select the Admin section (e.g.: https://digitalcampus.swankmp.net/[your site ID]/admin )
- Select Authentication/SAML Settings in the left menu
- Locate the IdP Metadata XML file from your IDP
- Click Import Identity Provider Settings
- In the Load External Identity Provider Settings pop up window, click Select and navigate to the IdP Metadata XML file you saved from Step 1, Bullet 5
Note: The EntityID (optional) field is only needed if the IdP XML contains multiple EntityIDs. This is not common.
- Click Save
- Test the SAML settings by clicking Test SAML Login
- When prompted, enter your user credentials and password
- If everything is set up properly, you will receive a "Success" message in a pop-up window. This message contains important information about which attributes are being returned and which of them you can use to elevate permissions if needed
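A pre-import check for the IdP Metadata XML file, added here as an example and not part of Digital Campus or its documentation: it lists every IdP EntityID in the file (so you know whether the optional EntityID field applies), and flags entities with no signing certificate or a non-HTTPS sign-on URL. The function names and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata: an aggregate file holding two IdP entities.
SAMPLE_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp.example.edu/staff">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.edu/staff/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.edu/legacy">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="http://idp.example.edu/legacy/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def inspect_idp_metadata(xml_text):
    """Return one summary dict per IdP entity found in the metadata."""
    root = ET.fromstring(xml_text)
    entities = []
    # iter() also yields the root, so a file with a single bare EntityDescriptor works.
    for ent in root.iter(f"{{{MD}}}EntityDescriptor"):
        idp = ent.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # entity without an IdP role, not relevant to this import
        signing = [k for k in idp.findall("md:KeyDescriptor", NS)
                   if k.get("use") != "encryption"
                   and k.find(".//ds:X509Certificate", NS) is not None]
        sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
        entities.append({
            "entity_id": ent.get("entityID"),
            "has_signing_cert": bool(signing),
            "insecure_sso": [u for u in sso if not u.lower().startswith("https://")],
        })
    return entities

def needs_entity_id_field(entities):
    """True when the file holds more than one IdP, the case the note describes."""
    return len(entities) > 1
```

Run it only on metadata downloaded from your own IdP; `xml.etree.ElementTree` is not hardened for untrusted XML.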
Step 3 – Role Mapping, User Authorization, and Permission Elevation
All successful authentications will be authorized at the "Basic" or "User" account level (role) by default, depending on the market. To elevate permissions to a higher level for Instructors or Administrators, you will need to add Role Mappings that grant this elevation either by Attribute Value or by Individual UserID. For more information on Account Level Permissions, please see the following article:
https://swankmp.clickhelp.co/articles/#!creating-users/user-administration-instructor-accounts
Option 1: SAML Role Mapping via Attributes (recommended)
To use this you will need to identify or create an attribute that defines the user group(s) and differentiates them from the general population (students). You can see what attributes are currently being delivered in your SAML statement in the Test results. Example below:
"UserID": "gsuiteteacher01@k12digitalmovies.com",
"Attributes": [
  { "Name": "costcenter", "Value": "teacherCostCenter" },
  { "Name": "department", "Value": "Science" },
  { "Name": "jobtitle", "Value": "teacherJobTitle" },
  { "Name": "urn:oid:0.9.2342.19200300.100.1.3", "Value": "gsuiteteacher01@k12digitalmovies.com" },
  { "Name": "urn:oid:2.5.4.4", "Value": "teacher01" },
  { "Name": "urn:oid:2.5.4.42", "Value": "gsuite"
In this example, you can see the attribute "department" has a value of "Science". We will use this to show how to grant "Instructor" permissions to all users with this attribute value:
- Under Option 1: SAML Role Mapping, click SAML Role Mapping
This will take you to the Advanced Settings/Role Mapping area of the admin
- Click Add Role Mapping
- In the Create New Role pop-up window, for this example you would enter:
Attribute Name: department
Value: Science
Role: Instructor
- You will now see your Role Mappings in the listing
You may add as many of these as needed for Instructor and Administrator permissions.
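Before saving an attribute mapping, it helps to confirm that the attribute value really separates staff from students. The following is an added example, not Digital Campus code: it takes records shaped like the Test SAML Login result and reports who a candidate mapping would elevate. `TEST_RESULTS`, `EXPECTED_STAFF` and the function names are constructed, and the exact, case-sensitive comparison is an assumption rather than documented product behavior.

```python
# Constructed records in the shape of the Test SAML Login result shown above.
TEST_RESULTS = [
    {"UserID": "teacher01@example.edu",
     "Attributes": [{"Name": "department", "Value": "Science"},
                    {"Name": "jobtitle", "Value": "Teacher"}]},
    {"UserID": "student07@example.edu",
     "Attributes": [{"Name": "department", "Value": "Science"},
                    {"Name": "jobtitle", "Value": "Student"}]},
    {"UserID": "student12@example.edu",
     "Attributes": [{"Name": "department", "Value": "History"}]},
]
# Constructed list of the accounts that are supposed to receive the elevated role.
EXPECTED_STAFF = {"teacher01@example.edu"}

def matches(record, attr_name, attr_value):
    # Assumption: exact, case-sensitive match; an attribute may appear more than once.
    return any(a["Name"] == attr_name and a["Value"] == attr_value
               for a in record.get("Attributes", []))

def audit_mapping(records, attr_name, attr_value, expected_staff):
    """Report who a candidate role mapping would elevate, and who it should not."""
    elevated = [r["UserID"] for r in records if matches(r, attr_name, attr_value)]
    return {
        "elevated": elevated,
        # Users the mapping would elevate although they are not on the staff list.
        "unexpected": [u for u in elevated if u not in expected_staff],
        # Staff the mapping would leave at the default role.
        "missed": sorted(expected_staff - set(elevated)),
    }
```

In the constructed data, a mapping on `department` = `Science` also elevates a student in that department, while `jobtitle` = `Teacher` does not; an attribute that only staff carry is the safer choice.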
Option 2: Individual User Role Mapping
You may use this option if you do not have a defining SAML attribute, or if you just need to allow a few individuals elevated permissions. Here you will need to use the "UserID" that is delivered in the SAML statement from your IDP. This could be an email address, user name, or GUID. You will find this in the test results in Step 2, Bullet 5.
Example:
"UserID": "gsuiteteacher01@k12digitalmovies.com"
Adding Individual Users
- Click Add User
- Enter the specific user's UserID in the field and select the Role you wish to elevate them to.
Example:
UserID: gsuiteteacher01@k12digitalmovies.com
Role: Instructor
- Click Add User
You may add as many users as needed. You may also wish to bulk import them to make these users easier to manage. See next step.
Bulk Import Users
- Select Import Users
- Here you have two choices: to import using a file, or to add multiple entries separated with delimiters
You can download a file template in the popup window to assist in formatting
- For File Import click Select file... and browse to the file location on your computer
- For "Multiple Entries" choose the delimiter style you wish to use and the role for these users and paste or type the UserIDs in the window provided
- Your users will now appear in the listing