Overview
Finalsite Enrollment provides Single Sign-On (SSO) support for SystemAdmin, Admin, User, and Limited User accounts in schools using Google and Microsoft services.
SSO enables the school to leverage a trusted external site for user verification. One significant advantage of SSO is a decrease in login troubleshooting and the convenience of logging in from various devices when necessary.
Parent SSO
SSO is automatically available to all parents when they log in. Utilizing SSO on the admin side does require additional internal setup (outlined below), but, on the parent end, there's nothing to turn on or enable, it's automatically available to your parents. For more info on the parent login experience, please refer to our Overview of Parent Login Options: Manual Account Creation and SSOarticle.
In this Article
Setup
To set up SSO, navigate to Settings > Portal > OAuth Configuration.
Who can access this page?
Admin Account Types: System Admins
Permissions: Any
Note: You can hover on the "i" for each of these settings to learn more.
-
Required for admins: Select either Google or Microsoft from the dropdown. This is a global setting that will require SSO for any admin with a Finalsite Enrollment account to log in. If all users do not have a G-suite account, you'll leave this dropdown blank.
-
Allowed Domains: This is where you'll include the domain of your school's G-Suite or Microsoft account. Type in the name of your domain and select 'create option' as shown below. The domain will be added to the allowed domain list. If there are multiple domains across campuses or school levels, you can add multiple domains.
Once the domain(s) have been added, Click Submit to save the configuration.
Signing In
On the Admin Sign-In page, the email address and password fields will be replaced with the message and button below.
Once you click on the 'Sign in with Google' button, you'll be prompted to select the Google account you'd like to use.
Click on the account and if your authentication is successful, you'll be logged in and a success message will display at the top of the page. If the login fails, you will see a red error message.
On the Admin Sign-In page, the email address and password fields will be replaced with the message and button below.
Once you select the Sign in button, you'll be prompted to select your account.
Keep in mind: First-time users may see a pop-up that asks them to confirm that they would like to use SSO before they log in. Once it's approved, it should not show again. That pop-up looks like this:
Once you select your account, if your authentication is successful, you'll be logged in and a success message will display at the top of the page. If the login fails, you will see a red error message.
Important Behaviors of SSO
- In order to use this, you need to have enabled Google G-Suite or Microsoft for all staff accounts. Please note, this is different than personal email accounts.
-
Admin Portal Accounts need to be created/exist for SSO permission to be granted.
-
If a user cannot log in, they will see an error message displayed if a Finalsite Enrollment account doesn't exist for them. You will also be notified of the domain(s) you’ll need to sign in with if you use the wrong one.
-
If a System Admin/Admin/User/Limited User account is removed in G-Suite or Microsoft, that same Admin/User will not be able to log into Finalsite Enrollment.
-
Their account will still exist within Finalsite Enrollment, however, the log-in will no longer work.
-
-
If the SSO is turned off, inform your users in advance so they can reset their passwords.
-
Session time-out is set to 2 weeks.
Comments
0 comments
Article is closed for comments.