EdApp SSO Documentation

Last updated, January 2020

Available on the Pro Plan


SSO (single sign-on) is the ability of EdApp to identify users through an external Identity Provider, or IDP.

Instead of registering on the app through an invite code or invitation email, users are directed to their company identity portal, fill in their company login details, and are redirected back to EdApp. This enables a user to log in to multiple systems via a single portal. On EdApp's side a user is internally created to match the user's details sent back from the IDP.

Providers

We provide support for SAML-based SSO integrations. This includes:

- Active Directory

- Okta

- OneLogin

- Salesforce

- Auth0

- Ping Identity

- All other systems that use SAML 2.0.

Set Up

SSO can be set up via our LMS (admin.edapp.com) with the ‘Single Sign-On’ button in the top right.

Once you have a SAML IDP set up, you can fill in the relevant details on this page, which will enable SSO for your users.

Company ID

The ‘Company ID’ field relates to the ACS (Reply) URL field in your IDP. The format in your IDP is: https://api.edapp.com/sso-saml-callback/{COMPANY-ID}

For example, if your company ID in EdApp is ‘mycompany’, your ACS (Reply) URL in your IDP would be: https://api.edapp.com/sso-saml-callback/mycompany

SSO URL

This URL will be available in your IDP under the ‘Login URL’ field.

SAML Entity ID

Your entity ID must match the entity ID for this configuration in your IDP. For example, you can use: https://admin.edapp.com

SAML Certificate file

Depending on your IDP, you may need to add a certificate file for your SSO to function. This should be provided by your IDP. Consider adding a certificate file even if your IDP doesn’t enforce it, to enhance the security of your application.
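
The following pre-flight check is an added example, not EdApp code: it compares the four values entered on the Single Sign-On page with what the IDP holds, so a mismatched ACS URL, entity ID or certificate is caught before users are sent to log in. The dictionary keys, the sample values, the https requirement and the idea of comparing a SHA-256 certificate fingerprint against one shown by the IDP are assumptions; only the ACS URL format and the example entity ID come from this page.

```python
import base64, hashlib, re
from urllib.parse import urlsplit

ACS_PREFIX = "https://api.edapp.com/sso-saml-callback/"  # format given on this page

def acs_url(company_id):
    """ACS (Reply) URL the IDP must hold for this EdApp company ID."""
    return ACS_PREFIX + company_id

def cert_fingerprint(pem_text):
    """SHA-256 hex digest of the first PEM certificate body, or None if malformed."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        return None
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:  # bad base64 alphabet or padding
        return None
    return hashlib.sha256(der).hexdigest()

def check_sso_settings(edapp, idp):
    """Return a list of mismatches between the EdApp form and the IDP (hypothetical dict keys)."""
    problems = []
    if idp["acs_url"] != acs_url(edapp["company_id"]):
        problems.append("ACS (Reply) URL in the IDP does not match the Company ID")
    if edapp["entity_id"] != idp["entity_id"]:
        problems.append("SAML Entity ID differs between EdApp and the IDP")
    if edapp["sso_url"] != idp["login_url"]:
        problems.append("SSO URL is not the IDP's Login URL")
    if urlsplit(edapp["sso_url"]).scheme != "https":  # assumption: require TLS
        problems.append("SSO URL is not https")
    fp = cert_fingerprint(edapp.get("certificate_pem", ""))
    if fp is None:
        problems.append("no valid PEM certificate supplied")
    elif fp != idp["cert_sha256"]:
        problems.append("certificate is not the one the IDP signs with")
    return problems

# Constructed sample values; the certificate bytes are a placeholder, not a real X.509 cert.
SAMPLE_DER = b"constructed placeholder certificate bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
EDAPP = {"company_id": "mycompany", "sso_url": "https://idp.example.com/saml/login",
         "entity_id": "https://admin.edapp.com", "certificate_pem": SAMPLE_PEM}
IDP = {"acs_url": "https://api.edapp.com/sso-saml-callback/mycompany",
       "login_url": "https://idp.example.com/saml/login", "entity_id": "https://admin.edapp.com",
       "cert_sha256": hashlib.sha256(SAMPLE_DER).hexdigest()}

if __name__ == "__main__":
    print(check_sso_settings(EDAPP, IDP) or "settings are consistent")
```

The check treats a missing certificate as a finding, in line with the recommendation above to upload one even when the IDP does not enforce it.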

Security

We support 2-way authentication certificates to provide an additional layer of security.

A certificate can be uploaded to ensure that only users authenticated by your portal's private key can gain access to the EdApp platform.

A second certificate allows your platform to authenticate EdApp when we call your Identity Provider. This guarantees the security of your IDP.

User Synchronization

Users are created in EdApp as soon as they log in to our system using SSO. In the event you wish to create the users in EdApp before they log in with SSO, that can be done through our LMS and with our public API. If a user exists in the system with the same email address as the user signing in through SSO, EdApp will treat them as the same user.

In the event an SSO user needs to be deleted from the EdApp system, this can also be handled through our LMS and through our public API.

Additional Features

SSO integrates seamlessly with EdApp’s Dynamic User Groups feature. Data can be passed from your IDP to EdApp’s system including job title, location, department, and starting date. This information can then be mapped to an EdApp Dynamic User Group which automatically groups your users as soon as they log in to the system!