Coursedog

Submit a Ticket My Tickets
Welcome
Login  Sign up

Single Sign On (SSO) Integration


Overview

Coursedog provides a seamless login experience for your users through single sign on (SSO). In short, SSO allows users that are authenticated into their student information system (SIS) portal to authenticate directly into Coursedog with the click of a button. This eliminates the need for users to create and keep track of a new username and password.

Coursedog integrates with your identity provider through a standard SP SAML (Shibboleth) and CAS protocols. Identity providers include Okta, AWS, Ping Identity, Azure, etc.


This page will guide you through the configuration as well as the end user experience (scroll past the configuration section).


Configuration

Coursedog offers identity management administrators the tools to set-up SSO in a few easy steps.

Assumptions

  • Your institution has a unique identifier. 
    • email address (recommended) as the unique identifier for a user and there is a 1:1 relationship of user to email (i.e. users don't have multiple email addresses). 
    • Unique ID - A unique identifier such as an employee, or student id (e.g. EMPLID, PIDM). 
  • Users outside of your authentication domain can be set to authenticate via username and password on the individual account level

Assets

            

  • Select "SAML" or "CAS" from the drop down. 

    Note: Once you make this selection it will disable username and password authentication for existing users. Given that, you may want to notify teammates when you are in the configuration and testing process. We recommend setting it back to password until you have SSO configured for the environment. 

SAML Configuration

  • SP SAML Configuration: Now we will want to fill out each setting as follows for SP SAML (Skip below for CAS).  
    Below is a sample screenshot of a SAML SP configuration that does not use Single Logout (SLO).


  • SAML Certificate/Meta Data: Paste in the value for your ds:X509Certificate. Typically this is found in your certificate file.

    Note: If OpenID and through AzureAD, please provide your tenant ID to you CS representative. The Coursedog client ID is: b5587ee3-25e3-41b7-84a1-ee35fae192c8

    Coursedog Metadata Example (See ds:X509Certificate): https://staging.coursedog.com/metadata.xml

  • SAML Login URL: URL that will take the user to an SP SAML login page
    e.g. https://elbert.edu/sso/saml
  • SAML Logout URL: Only set if using Single Logout (SLO):
        Note: Most schools leave this blank.
  • Redirect: Set to TRUE if not using SLO Note: if TRUE, you must enter a value in the SAML Redirect URL.
  • SAML Redirect URL: This is where you redirect the user upon logout. *Required if Redirect is True
        Note: Typically this will be the same as the redirect page above (e.g. https://elbert.edu/sso/saml)
  • Attribute (SAML Field):This is how Coursedog associates users between the system. It is used to map the fields returned from the SAML response to our internal fields. This is required for SSO to function. 
    • Attribute (School SAML Field): To obtain the correct value look in a sample SAML response for an email address value. Typically it is found in the nameId.

      Note: We've noticed examples where the sample response contained NameID but produced an "unable to verify user identity" error. This can sometimes be resolved by changing the Attribute value in Coursedog to be nameId.
      SAML
      Coursedog also evaluates the URN value as well:
    • User Property (Coursedog Field): Map the unique identifier value passed from your institution to a Coursedog field. The two options are  to a unique email address, or InstitutionID.


CAS Configuration

  • CAS Configuration: Now we will want to fill out each setting as follows for CAS. 
    Note: Coursedog referrer will be staging.coursedog.com/casArrival and app.coursedog.com/casArrival.
    • Authentication Method: CAS
    • CAS Server URL: URL for your CAS server (e.g. https://elbert.edu/cas)
    • CAS Redirect URL: Where to send the user upon logout (e.g. https://elbert.edu/logout)
    • CAS Protocol: Coursedog supports versions 2 and 3 (default is 3.0)
    • Attribute (SAML Field):This is how Coursedog associates users between the system. It is used to map the fields returned from the CAS response to our internal fields. This is required for SSO to function. 
      • Attribute (School CAS Field): To obtain the correct value look in a sample SACASML response for an email address value. Typically it is found in the email
      • User Property (Coursedog Field): Typically default to email, but can also be InstitutionID for V2See example below:


Congrats! Once you are confident in the configuration it is time to begin testing. Make sure you have access to a user and your logs. 


User Experience (Testing your configuration)

Login

With SSO enabled the user types in their email address into the login page and is redirected to their own institution login page rather than asking them for their password.


We use the entered email address to determine which school they belong to and therefore where to redirect them. Once redirected, the user then logs in as usual on their standard institution login page:



Note: If you prefer to avoid having the user enter their email address before redirect then give your users a URL of the form: /login/<school id> 

    https://staging.coursedog.com/#/login/<myschool>

    https://app.coursedog.com/#/login/<myschool>


When users access the url they are redirected to the institution portal/login page rather than starting in Coursedog

Logout

When users log out of Coursedog, we can invoke a SAML logout (SLO), or redirect them to a page of their choice. 

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.