Accudemia: How do I enable SAML SSO (Single Sign-On) for my account?

Accudemia: How do I enable SAML SSO (Single Sign-On) for my account?

Introduction

This feature authenticates users using the SAML protocols for SSO. It simplifies password management, increases security, and allows students to log into Accudemia from a unique college portal, rather than a separate webpage/URL. This article will explain how to do this.

Previous knowledge on IdP systems will be required for this article.

Step-by-Step

Configuring Accudemia

1. Log into Accudemia.



2. Go to Administration > Control Panel > User Accounts from the navigation menu at the top of the screen.



3. Scroll down to the SAML Single Sign-On section, and enable SSO by checking the box labeled "Enable SAML SSO."

The Identity Provider URL, Public Certificate, and Logout URL need to be set for Accudemia so it knows where the users will be coming from and directed after they log out. Optionally, an error page could be set, as well as alternate ID use (if uploaded into Accudemia specifically for SSO).




4. Save this information by scrolling back to the top of the screen and clicking the Save Changes button.

5. Test to make sure it works.
Go to the portal that was set up for users and attempt to log in.

Configuring the IdP/SAML Server

To configure an Identity Provider (IdP), the Accudemia SAML Metadata is required. It can be found using the following link.

https://<your-domain>.accudemia.net/saml/metadata.aspx

1. Copy all the metadata from the previous link, then paste it into the IdP.

2. Set the IdP up to send the user ID or alternate ID in the NameID field under the Subject tag.

It's important to note that the NameID doesn't have an attribute, but the tag that's defined under the Subject node/tag in the XML does.

The SAML authentication request should appear in a numbered sequence with the code in the following image.
  1. <saml:Subject>
  2.      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">111-11-1111</saml:NameID>
  3.      ...
  4. </saml:Subject>

Configuring Active Directory Federation Services (ADFS)

To send the NameID in the Subject tag:

1. Go to AD FS Management and navigate to Trust Relationships > Claims Provider Trusts, then right-click on the provider and select Edit Claim Rules.



2. Click the Add Rule button, and add the "employee number" and "Name ID to Name ID" rules.



3. Send the LDAP attribute as a claim by creating a rule of type "Send LDAP Attributes as Claims."
Set the desired attribute to authenticate from the AD. For example, the Employee Number.


4. Create "Transform an Incoming Claim" as a second rule.

5. Finally, transform the NameID to the Subject as a third rule.



For more information watch the following video.

For any further questions regarding this feature, please contact the support team at support@accudemia.com or Submit a Ticket.


    • Related Articles

    • Accudemia: How do I enable SAML SSO (Single Sign-On) for my account?

      For the Updated Version of Accudemia 7.0 Click the link below: https://desk.zoho.com/portal/engineerica/kb/articles/accudemia-7-0-how-do-i-enable-saml-sso-single-sign-on-for-my-account This new feature to authenticate users using the SAML protocols ...
    • Accudemia: How do I bypass SSO to log in directly?

      Introduction Accudemia can be set up to utilize a Single-Sign-On (SSO) system using Security Authentication Markup Language (SAML). This is a tool that allows users to only require one set of login information across an entire system. SSO will ...
    • AccuCampus How to integrate SAML authentication?

      INTRO SAML-based single sign-on is available for AccuCampus, to set this up please go to your Advanced Options->Settings->Account Settings > Single Sign-On page. SAML Single Sign-On Enabled - Please use this option to enable SAML Single Sign-On ...
    • Single Sign-On Requirements for AccuCampus

      Introduction The aim of this document is to explain how to integrate your own site or portal with AccuCampus. It also includes usage examples so you can get started faster. This alternative access method would allow you to integrate AccuCampus into ...
    • How do I set up a sign-in station for courses (Single-Step Kiosk) in AccuCampus?

      This article explains how to create a single-step kiosk (sign-in station) within AccuCampus. A Single-step Kiosk signs the user into a course or seminar based on the schedule of the location.  1. From the Main Sidebar, hover over Center Visits. 2. ...