ADFS/SAML: How to configure teacher login

This guide shows how ADFS/SAML authentication works in your SchoolCloud system and explains how to set it up.

How does it work?

Using SAML allows your school to allow teacher login using a button - teachers would see a login button. When they click the button their email address is read from SAML and matched to the email address which appears on the teacher record in your system you can find or check this via Data >Teachers).

How do I set ADFS authentication up?

In order to setup ADFS/SAML authentication, you will firstly need access to your ADFS platform. If you don't have that, please get in touch with your IT department and refer them to this article. Here are the steps for setting up your authentication on an ADFS server:

  1. On your ADFS platform, add a new Relying Party Trust. When asked for the metadata URL, please use:

    https://auth.parentseveningsystem.co.uk/saml

    NOTE: Servers not utilising the TLS1.2 protocol by default will see the following error: You can find instructions on correcting this in the "Enabling Strong Authentication for .NET Applications" section of this Microsoft help article.
  2. Once you've added the trust, go to the Edit Claim Rules section then:
    1. Add a new Send LDAP Attributes as Claim rule with the following settings:


    2. Add a new Transform an Incoming Claim Rule:

      7f097b57d70142cb83f0ed1b60d53adb.png
  3. In your SchoolCloud system go to Settings > Teacher Authentication and select SAML Authentication.
  4. Enter the link for your metadata into the Metadata URL text box. The metadata URL is normally something like https://domain/federationmetadata/2007-06/federationmetadata.xml.
  5. Finally, enter the Entity ID for your ADFS server. Normally this would be something like https://adfs.domain.co.uk/adfs/services/trust but it can be different.
  6. Click save to make your change live.

Once completed you are ready to use ADFS authentication for your teacher logins.

Testing/Troubleshooting

To test a teacher login, get a teacher to go to the teacher login page of your system. They should be redirected to the school's ADFS site and asked to log in. On successful login there they will be taken straight to their SchoolCloud teacher account.

If you have problems with teacher logins, make sure the ADFS email address matches the email address on the teacher record that came from your management system.

If you run into any problems, please let us know by sending an email to support@schoolcloud.co.uk with the teacher's name and email address (according to ADFS) and we will be back in touch with our findings.

Still need help? Contact Us Contact Us