Setting up Microsoft Entra ID SSO on EdPotential

This article provides information on how to configure your Azure (Microsoft Entra ID) instance for use with EdPotential's Single Sign-On (SSO) system.

Setup in Entra ID

Please note that you will require the Global Administrator role to complete this setup.

  1. Visit the Azure portal.
  2. Click Microsoft Entra ID.

  3. Click Add then Enterprise application.

  4. Click Create your own application.

  5. Enter "EdPotential SAML" as the app name.

    Make sure the last option mentioning (Non-gallery) is selected and ignore any suggested applications shown.

  6. Click Create at the bottom.


  7. Click Set up single sign on.

  8. Click SAML.

  9. Click the icon next to the App Federation Metadata Url to copy it to the clipboard. Send this link, along with the details for a test account, to support@edpotential.com.

    Please note that you will be unable to fill out boxes 1 and 2 at this time - this is expected.

  10. With this information we will set things up on our side and should get back to you within 24 hours with the information required for the next steps.

Secondary steps

Once you have received a reply from us, go back into the application where you were before and make the following changes:

  1. Click Edit on the first box (Basic SAML Configuration).

    Click Add Identifier and Add reply URL.

    Fill in the Entity ID, Reply URL and Sign on URL as provided in the last email.

    Click Save.


    Click No, I'll test later as this will not work at this time.



  2. Click Edit on the second box (Attributes & Claims).

    In Attributes & Claims, click Unique User Identifier (Name ID) to edit it.

    Click Choose name identifier format and ensure it is set to Email address in the drop-down.

    Click Source attribute and select user.mail.

    Click Save and then the close 'X' on the right.

    Click No, I'll test later if it appears as this will not work at this time.


  3. Allow user access to the newly created SAML Application:

    Click Properties on the left-hand sidebar.

    Set Assignment required? to No.

Managing access


  1. Go to the Users and Groups menu and add the users, groups and/or roles that will be logging into EdPotential using SSO.
    1. We recommend adding your senior leaders and the staff test account from step 9. Senior leaders will advise later whether they want middle leaders or all teaching staff to have access.
    2. We also recommend against adding a full staff group, as this may include staff members who are not teachers or who should not have access to student data, for example, maintenance staff.
    3. If the staff ID used by KAMAR is stored in Azure, please send this through in the attributes as well.
  2. We both manage access
    1. If you are able to provide an additional claims transformation (role) for teachers to have access, please let us know the name of the transformation and accepted value(s) for this role that correspond to teachers that should have access.

Testing

  1. Email us and let us know which one of the above options has been completed. Once we have received this confirmation, we will finalise the connection and commence testing.
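During testing, the Name ID and Entity ID settings from the secondary steps can be checked against a decoded sign-in response captured in the browser. The Python sketch below is an added example, not EdPotential or Microsoft code; the Entity ID, user address and sample XML are constructed placeholders, and it checks content only, not the XML signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
ENTITY_ID = "https://sp.example.invalid/saml"  # placeholder: use the Entity ID from the support email


def check_assertion(xml_text, expected_entity_id):
    """Return a list of problems in a decoded SAML <Response> (empty list = OK).

    Content checks only: the XML signature is NOT verified here.
    """
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["no NameID found in the assertion"]
    problems = []
    # Step 2 of the secondary steps: name identifier format must be email address.
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}, expected email address")
    # Source attribute is user.mail, so an empty or odd value points at the directory entry.
    value = (name_id.text or "").strip()
    if not EMAIL_RE.match(value):
        problems.append(f"NameID value {value!r} is not an email address (is user.mail populated?)")
    # Step 1 of the secondary steps: the Identifier (Entity ID) appears as the Audience.
    audiences = [(a.text or "").strip()
                 for a in root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if expected_entity_id not in audiences:
        problems.append(f"Audience {audiences} does not contain the expected Entity ID")
    return problems


def sample_response(name_id_format, name_id, audience):
    """Build a constructed, unsigned sample response for the checks above."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject><saml:NameID Format="{name_id_format}">{name_id}</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    good = sample_response(EMAIL_FORMAT, "teacher@school.example", ENTITY_ID)
    print(check_assertion(good, ENTITY_ID) or "OK")
```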

If you experience any issues during this process, please don't hesitate to get in touch.
