Coursedog

Submit a ticket My Tickets
Welcome
Login  Sign up

Single Sign On (SSO) Integration

Coursedog provides a seamless login experience for your users through single sign on (SSO). In short, SSO allows users that are authenticated into their student information system (SIS) portal to authenticate directly into Coursedog with the click of a button. This eliminates the need for users to create and keep track of a new username and password.

Coursedog integrates with your identity provider through a standard SP SAML (Shibboleth) and CAS protocols. Identity providers include Okta, AWS, Ping Identity, Azure, etc.


This page will guide you through the configuration as well as the end user experience. 


Configuration

Coursedog offers identity management administrators the tools to set-up SSO in a few easy steps.


Assumptions: 

  • Email is a unique identifier for a user and there is a 1:1 relationship of user to email (i.e. users don't have multiple email addresses). We rely on this assumption in Coursedog. As such, the response from SSO from the institution needs to include email as the identifier for the user. If you can't guarantee a unique email address please contact your CS representative.
  • Users outside of your authentication domain can be set to authenticate via username and password on the individual account level


            


  • Select "SAML" or "CAS" from the drop down. 

    Note: Once you make this selection it will disable username and password authentication for existing users. Given that, you may want to notify teammates when you are in the configuration and testing process. We recommend setting it back to password until you have SSO configured for the environment. 
  • SP SAML Configuration: Now we will want to fill out each setting as follows for SP SAML (Skip below for CAS). 
    Make sure to 
    Below is a sample screenshot of a SAML SP configuration that does not use Single Logout (SLO).
    • SAML Certificate/Meta Data: Paste in the value for your ds:X509Certificate. Typically this is found in your certificate file.

      Note: If OpenID and through AzureAD, please provide your tenant ID to you CS representative. The Coursedog client ID is: b5587ee3-25e3-41b7-84a1-ee35fae192c8

      Coursedog Metadata Example (See ds:X509Certificate): https://staging.coursedog.com/metadata.xml

    • SAML Login URL: URL that will take the user to an SP SAML login page
      e.g. https://elbert.edu/sso/saml
    • SAML Logout URL: Only set if using Single Logout (SLO):
          Note: Most schools leave this blank.
    • Redirect: Set to TRUE if not using SLO Note: if TRUE, you must enter a value in the SAML Redirect URL.
    • SAML Redirect URL: This is where you redirect the user upon logout. *Required if Redirect is True
          Note: Typically this will be the same as the redirect page above (e.g. https://elbert.edu/sso/saml)
    • Attribute (SAML Field):This is how Coursedog associates users between the system. It is used to map the fields returned from the SAML response to our internal fields. This is required for SSO to function. 
      • Attribute (School SAML Field): To obtain the correct value look in a sample SAML response for an email address value. Typically it is found in the nameId.
        Note: We have noticed examples where the sample response contained NameID but produced an "unable to verify user identity" error. This can sometimes be resolved by changing the Attribute value in Coursedog to be nameId.
      • User Property (Coursedog Field): Typically default to Email. *Contact your CS representative if using InstitutionID


  • CAS Configuration: Now we will want to fill out each setting as follows for CAS. 
    Note: Coursedog referrer will be staging.coursedog.com/casArrival and app.coursedog.com/casArrival.
    • Authentication Method: CAS
    • CAS Server URL: URL for your CAS server (e.g. https://elbert.edu/cas)
    • CAS Redirect URL: Where to send the user upon logout (e.g. https://elbert.edu/logout)
    • CAS Protocol: Coursedog supports versions 2 and 3 (default is 3.0)
    • Attribute (SAML Field):This is how Coursedog associates users between the system. It is used to map the fields returned from the CAS response to our internal fields. This is required for SSO to function. 
      • Attribute (School CAS Field): To obtain the correct value look in a sample SACASML response for an email address value. Typically it is found in the email
      • User Property (Coursedog Field): Typically default to email, but can also be InstitutionID for V2See example below:


Congrats! Once you are confident in the configuration it is time to begin testing. Make sure you have access to a user and your logs. 


User Experience (Testing your configuration)

Login

With SSO enabled the user types in their email address into the login page and is redirected to their own institution login page rather than asking them for their password.


We use the entered email address to determine which school they belong to and therefore where to redirect them. Once redirected, the user then logs in as usual on their standard institution login page:



Note: Some institutions may prefer to avoid having the user enter their email address before redirect. If that is the case we support the ability to set up a /login/<school id> URL like that shown below. This url can then be shared with their users. 


When users access the url they are redirected to the institution portal/login page rather than starting in Coursedog

Logout

When users log out of Coursedog, we can invoke a SAML logout (SLO), or redirect them to a page of their choice. 

C
Coursedog is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.