ADFS/SAML: How to configure teacher login

This guide shows how ADFS/SAML authentication works in your SchoolCloud system and explains how to set it up.

How does it work?

Once set up, SAML means that when your teachers go to the teacher login for your system they see a green login button. When they click the button their email address is read from SAML and matched to the email address on the teacher record in Parents Evening (you can find or check this via Data > Teachers).

How to set up ADFS authentication

To set up ADFS/SAML authentication, you will first need access to your ADFS platform. If you don't have that, please get in touch with your IT department and refer them to this article. Here are the steps for setting up your authentication on an ADFS server:

  1. On your ADFS platform, add a new Relying Party Trust. When asked for the metadata URL, please use:

    https://auth.parentseveningsystem.co.uk/saml

    NOTE: Servers not utilising the TLS 1.2 protocol by default will see an error at this step. You can find instructions on correcting this in the "Enabling Strong Authentication for .NET Applications" section of this Microsoft help article.
  2. Once you've added the trust, go to the Edit Claim Rules section then:
    1. Add a new Send LDAP Attributes as Claim rule with the following settings:


    2. Add a new Transform an Incoming Claim Rule:

  3. In your SchoolCloud system go to Settings > Teacher Authentication and select SAML Authentication.
  4. Enter the link for your metadata into the Metadata URL text box. The metadata URL is normally something like https://adfs.domain/federationmetadata/2007-06/federationmetadata.xml.
  5. Finally, enter the Entity ID for your ADFS server. Normally this would be something like http://adfs.domain.co.uk/adfs/services/trust but it can be different.
  6. Click save to make your change live.

Once completed you are ready to use ADFS authentication for your teacher logins.
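
Because the Entity ID in step 5 "can be different", it is safer to read it from the federation metadata than to guess it. The following is an added example, not SchoolCloud or Microsoft code: it reads the entityID from a metadata document and reports how a typed value differs from it. The function names are hypothetical, the sample metadata is constructed from the placeholder hostname used above, and it assumes the Entity ID must match the metadata value exactly.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed, trimmed sample of a federation metadata document.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.domain.co.uk/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.domain.co.uk/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def read_entity_id(metadata_xml):
    """Return the entityID attribute of the root EntityDescriptor."""
    # Only parse metadata downloaded from your own ADFS server.
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"not SAML metadata: root element is {root.tag}")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID attribute")
    return entity_id


def check_entity_id(entered, metadata_xml):
    """Compare a typed Entity ID with the metadata; empty list means exact match."""
    actual = read_entity_id(metadata_xml)
    if entered == actual:
        return []
    problems = [f"entered {entered!r} but metadata says {actual!r}"]
    e = entered.strip()
    if e != entered:
        problems.append("leading or trailing whitespace")
    if e == actual:
        return problems
    if e.split("://", 1)[-1] == actual.split("://", 1)[-1]:
        problems.append("scheme differs (http vs https)")
    elif e.rstrip("/") == actual.rstrip("/"):
        problems.append("trailing slash differs")
    elif e.lower() == actual.lower():
        problems.append("letter case differs")
    return problems
```

To use it on a real server, save the document from your Metadata URL to a file and pass its contents as `metadata_xml`.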

Testing/Troubleshooting

To test a teacher login, get a teacher to go to the teacher login page of your system. They should be redirected to the school's ADFS site and asked to log in. On successful login there they will be taken straight to their SchoolCloud teacher account.

If you have problems with teacher logins, make sure the ADFS email address matches the email address on the teacher record that came from your management system.

If you run into any problems, please let us know by sending an email to schoolcloud@tes.com with the teacher's name and email address (according to ADFS) and we will be back in touch with our findings.