iSAMS: parent SSO with the iSAMS Parent Portal

Setting up the iSAMS Parent Portal as your method for authenticating parents allows them to log in to Tes Parents' Meetings via the portal, instead of by entering their details. Parents are matched using their email address in iSAMS (also known as IRIS Ed:Gen) and in Tes Parents' Meetings.

Please note: the iSAMS Parent Portal will not work alongside Wonde integration

To set it up please follow these steps

Within iSAMS, create an SSO client with the following fields:

Client ID
Client Secret

a. Details Tab

Client ID: schoolcloud
Client Name: School Cloud Systems Auth Client for Parent Portal
Client URI: https://www.schoolcloudsystems.co.uk/
Login Screen: SAMS.Portal.Parent
Backchannel Logout URI: https://auth.parentseveningsystem.co.uk/Providers/Isams/Logout
Access Token Type: Select "Reference" from dropdown.
Check the box next to Hybrid Flow is checked
Ensure Authorization Code Flow is NOT checked
Ensure Require PKCE is NOT checked

b. Scopes Tab

Add the following:
- Openid (should already be added)
- profile
- email

c. Whitelist URIs Tab

Add the following 3 URIs making sure to select the correct type for eachj (replace "<school_cloud_url>" with your own schools unique school cloud link):
- https://auth.parentseveningsystem.co.uk/Providers/Isams/Callback | Allowed Post Login Redirect URI
- https://<school_cloud_url>.schoolcloud.co.uk | Allowed Post Logout Redirect URI
- https://auth.parentseveningsystem.co.uk | CORS Enabled Origin

d. Click "Save & Close", make sure to note down your Client and Client Secret that will be displayed. These credentials cannot be retrieved again, so it is essential to store them securely.

Here is some extra guidance to help with obtaining these details: https://support.isams.com/hc/en-us/articles/24290362090770-Single-Sign-On-Using-iSAMS-as-an-Identity-Provider

2. Once you have the details of your iSAMS SSO Client ID & Client Secret, go to Settings > Parent Authentication and choose iSAMS Parent Portal

A screenshot of a computer

AI-generated content may be incorrect.

Enter the details sent from iSAMS in the boxes that will appear underneath.

In the Authority field, type in your iSAMS web address with "/auth" at the end, then click save.

A screenshot of a computer

AI-generated content may be incorrect.

When these fields have been completed and your parents go to log in, instead of being asked for their details they will see a button which says 'Log in with iSAMS'.

On clicking the button they are taken to the iSAMS login page. Once they have logged into iSAMS, they are then taken directly into Tes Parents' Meetings.