Enabling Single Sign-On (SSO) with EdPotential

EdPotential currently supports two methods of Single Sign-On (SSO). This article contains information on getting either option set up.

SAML

The first step is contacting us to enable SAML logins for your school. By default, this is disabled. This will give you access to the following URLs where SCHOOL_ID is the ID of your school on EdPotential:

Note: In our metadata, we provide a validUntil attribute at the top. This signals the point at which our metadata has expired and the IdP should fetch the current version. Some IdPs do not support this value, so the attribute may need to be removed from the metadata before you add it to your IdP.
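As an added example (not EdPotential's own code), the Python below removes validUntil from a downloaded copy of SP metadata before it is loaded into an IdP that rejects the attribute. The sample metadata, its entity ID and URLs are constructed placeholders, and the function name strip_valid_until is hypothetical. It also reports whether the document carried an XML signature, because editing signed metadata invalidates that signature.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample metadata: placeholder entity ID and URL, not real EdPotential values.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/SCHOOL_ID" validUntil="2020-01-01T00:00:00Z">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/SCHOOL_ID/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def strip_valid_until(metadata_xml, now=None):
    """Return (cleaned_xml, report) with validUntil removed from the root element."""
    # Metadata never needs a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("refusing metadata that contains a DTD")
    ET.register_namespace("md", MD_NS)  # keep the usual prefixes on output
    ET.register_namespace("ds", DS_NS)
    root = ET.fromstring(metadata_xml)
    if root.tag not in (f"{{{MD_NS}}}EntityDescriptor", f"{{{MD_NS}}}EntitiesDescriptor"):
        raise ValueError("root element is not SAML 2.0 metadata")
    value = root.attrib.pop("validUntil", None)
    report = {
        "valid_until": value,   # original value, kept for the change record
        "expired": None,        # stays None when the attribute was absent
        "signed": root.find(f"{{{DS_NS}}}Signature") is not None,
    }
    if value is not None:
        expiry = datetime.fromisoformat(value.replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # SAML timestamps are UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        report["expired"] = expiry <= (now or datetime.now(timezone.utc))
    return ET.tostring(root, encoding="unicode"), report


if __name__ == "__main__":
    cleaned, report = strip_valid_until(SAMPLE_METADATA)
    print(report)
    print(cleaned)
```

If the report shows signed as true, the edited copy can no longer be signature-verified by the IdP, so obtain it over a trusted channel and compare the entity ID and endpoint URLs by hand.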

After this has been set up, we require the metadata and URL of your Identity Provider. If your Identity Provider has an entity ID, we'll need that too.

We'll then complete the config setup. Following this, we'll need a user to log in through the SAML process.

We use the following attributes by default, but they can be changed if you use a different set in your provider.

Attribute         Use
mlepFirstName     User first name
mlepLastName      User last name
mlepEmail         User email address
mlepRole          This is what level of access the user will have on the site. We accept custom values to determine if they are a teacher, parent/caregiver or student (or any combination of these). By default, we use a value of TeachingStaff for teachers, and parents or students aren't allowed to access the site.
mlepSmsPersonId   This is the ID of the user in your system.

OAuth

We will need to know the following:

  • Authorisation URL
  • Token URL
  • OAuth key

Once these have been provided to us, we can set up OAuth for your school.
