The new feature to authenticate users using the SAML protocol for SSO, which simplifies password management and increases security by allowing your students to log in to Accudemia from your college portal rather than a separate webpage/URL, should be relatively easy to set up in Accudemia. Here's how:
- Log in to your school's https://<mycollege>.accudemia.net website, using your own domain in place of <mycollege>, with admin credentials.
- Now, to enable this option, open the setup page under Administration > Control Panel > User Accounts from the left-side navigation menu.
- In the User Accounts page of your Accudemia website, scroll down to the SAML Single Sign-On section.
- Here you'll enable SSO by checking the checkbox labeled "Enable SAML SSO". You'll then need to enter the Identity Provider URL, Public Certificate, and Logout URL so Accudemia knows where users will be coming from and where to direct them after they log out. Optionally, you can also configure an error page and the use of an alternate ID (if one was uploaded into Accudemia specifically for SSO). Here is a sample of this completed:
- Once you have completed this section, be sure to save the information by clicking the Save Changes button at the top of the page.
Now, to test it, go to the portal you have set up for your users and attempt to log in using your credentials or a test user account.
Configuring your IdP / SAML Server
To configure your Identity Provider (IdP), you need the Accudemia SAML Metadata. You can find it in:
Once you have entered the metadata in your IdP, you will need to set it up to send the user ID or alternate ID in the NameID field, under the Subject tag. It's important to note that the NameID doesn't have to be an attribute; it is the tag defined under the Subject node/tag in the XML. If you look at the SAML authentication request, it should look like this:
- <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">111-11-1111</saml:NameID>
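To make the point above concrete, here is an added example (not part of the original article or of Accudemia's own code) that checks an incoming SAML response the way a service provider must: it looks for the NameID only under Assertion/Subject, rejects a response that carries the user ID solely as a saml:Attribute, and verifies the Format matches the unspecified format shown above. The sample responses, the issuer URL and the ID values are constructed for the example; the code uses the standard-library XML parser and assumes the assertion's signature has already been verified by the SAML library in use.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 responses and assertions.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# NameID format the article shows in the Subject.
EXPECTED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


class NameIdError(ValueError):
    """Raised when the assertion does not carry a usable Subject NameID."""


def extract_subject_nameid(response_xml, expected_format=EXPECTED_FORMAT):
    """Return the NameID value found under Assertion/Subject.

    Attribute statements are deliberately ignored: a user ID delivered only as
    a <saml:Attribute> is not a NameID, which is the mistake the article warns
    about. Signature verification must happen before this value is trusted;
    that step is assumed to be done by the caller's SAML library.
    """
    root = ET.fromstring(response_xml)
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root                       # a bare assertion was passed
    else:
        assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise NameIdError("response contains no saml:Assertion")

    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    if nameid is None:
        # Help the IdP admin see whether the ID ended up in an attribute instead.
        attr_values = [
            v.text for v in assertion.findall(
                "saml:AttributeStatement/saml:Attribute/saml:AttributeValue", NS)
        ]
        hint = "; found attribute values %r" % attr_values if attr_values else ""
        raise NameIdError("no NameID under Subject" + hint)

    fmt = nameid.get("Format")
    if fmt != expected_format:
        raise NameIdError("unexpected NameID Format %r" % fmt)
    value = (nameid.text or "").strip()
    if not value:
        raise NameIdError("NameID is empty")
    return value


def check_response(response_xml):
    """Return (True, nameid) or (False, reason) without raising."""
    try:
        return True, extract_subject_nameid(response_xml)
    except (NameIdError, ET.ParseError) as exc:
        return False, str(exc)


# Constructed sample: NameID correctly placed under Subject.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.edu/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">111-11-1111</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: the ID was sent only as an attribute, with no Subject NameID.
BAD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0">
  <saml:Assertion ID="_a2" Version="2.0">
    <saml:Issuer>https://idp.example.edu/adfs/services/trust</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="employeeNumber">
        <saml:AttributeValue>111-11-1111</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: right place, wrong Format attribute.
WRONG_FORMAT_RESPONSE = GOOD_RESPONSE.replace(
    "nameid-format:unspecified", "nameid-format:emailAddress")

if __name__ == "__main__":
    for label, xml in [("good", GOOD_RESPONSE), ("attribute-only", BAD_RESPONSE),
                       ("wrong-format", WRONG_FORMAT_RESPONSE)]:
        print(label, check_response(xml))
```

Running the block prints one line per sample; only the first is accepted, and the attribute-only case reports the value it found in the AttributeStatement so the IdP side can see exactly what needs to move into the Subject.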
Configuring Active Directory Federation Services (ADFS)
In order to send the NameID in the Subject tag, you need to go to AD FS Management, navigate to Trust Relationships > Claims Provider Trusts, then right-click on your provider and select Edit Claim Rules:
Then click Add Rule and add the following rules:
First, to send the LDAP attribute as a claim, create a rule of type "Send LDAP Attributes as Claims". Set the attribute you want to use to authenticate from your AD. For example, the Employee Number:
Then create a second rule. This time, select "Transform an Incoming Claim" and use it to transform that claim into the NameID sent in the Subject:
For more information, you can also check out this video: