This document describes how to configure and manage authentication settings for both home and teaching institutions. These settings are technical, so administrators should work with their IT department to ensure correct configuration. If your IT department has questions about these configuration settings, please contact support@acadeum.com.
Important Terminology
Acadeum Authentication
Institutions can choose Acadeum authentication to authenticate using credentials that are unique to Acadeum instead of using common credentials maintained through their institution. An institution may choose this option when they do not have a SAML Identity Provider.
Security Assertion Markup Language Authentication
Acadeum supports Security Assertion Markup Language (SAML) authentication, which is an open standard for exchanging authentication and authorization data between parties.
Single Sign-On
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.
Therefore, institutions can choose to authenticate with credentials that are maintained through their institution by using a SAML SSO Identity Provider. To configure SAML SSO, an institution must provide the Issuer, Entry Point, and Signing Certificate.
Identity Provider
The Identity Provider (IdP) creates, maintains, and manages identity information for users. In this case, the IdP is a system maintained by the institution.
Service Provider
A SAML service provider is a system entity that receives and accepts authentication assertions in conjunction with a single sign-on (SSO) profile of the Security Assertion Markup Language (SAML). In simpler terms, the Service Provider will be Acadeum software.
Issuer
Issuer refers to the URL that uniquely identifies your SAML identity provider.
Entry Point
The Entry Point is the URL of your Identity Provider that will receive authentication requests.
Signing Certificate
The Signing Certificate is used to verify the signature of the responses received by our Service Provider.
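An IT department can read the three values defined above out of the IdP's SAML metadata document. The following is an added example, not Acadeum's code: it assumes the Issuer corresponds to the metadata `entityID` and the Entry Point to a `SingleSignOnService` Location (HTTP-Redirect preferred, which is an assumption), and it runs on constructed sample metadata for a hypothetical `idp.example.edu`.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample metadata; the certificate is placeholder bytes, not real DER.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder certificate").decode()
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.edu/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{BIND}HTTP-POST" Location="https://idp.example.edu/sso/post"/>
    <md:SingleSignOnService Binding="{BIND}HTTP-Redirect" Location="https://idp.example.edu/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_settings(metadata_xml):
    """Return the Issuer, Entry Point and Signing Certificate from IdP metadata."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        raise ValueError("expected a single-entity IdP metadata document")
    # Entry Point: assumption - prefer the HTTP-Redirect endpoint, else the first one.
    sso = idp.findall("md:SingleSignOnService", NS)
    if not sso:
        raise ValueError("no SingleSignOnService endpoint")
    chosen = next((s for s in sso if s.get("Binding") == BIND + "HTTP-Redirect"), sso[0])
    entry_point = chosen.get("Location", "")
    if urlparse(entry_point).scheme != "https":
        raise ValueError(f"Entry Point is not HTTPS: {entry_point!r}")
    # Signing Certificate: KeyDescriptor with use="signing" or with no use attribute.
    certs = ["".join(kd.findtext(".//ds:X509Certificate", "", NS).split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")]
    certs = [c for c in certs if c]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode(certs[0], validate=True)  # raises on non-base64 text
    return {"issuer": root.get("entityID"), "entry_point": entry_point,
            "signing_certificate": certs[0],
            "sha256_fingerprint": hashlib.sha256(der).hexdigest()}
```

Comparing the SHA-256 fingerprint with the value reported by your IdP confirms that the certificate was copied intact.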
Authentication
When logging into the Admin or Student Applications, users are able to authenticate through native or single sign-on processes.
Setup Process
- Log in to the Admin App at https://courseshare.acadeum.com.
- From the primary navigation on the left-hand side, select ‘Settings’.
- Within the ‘Settings’ page, select ‘Login’ from the top navigation.
- Select the Environment whose authentication process you want to change. Note that only the Admin and Student Applications are currently supported, and step 5 below is identical for both environments.
- Select Authentication Modal (Acadeum or SSO)
Finally, the selection must be made to use either Acadeum authentication or single sign-on.
- If selecting “Acadeum Authentication”, no further action is required. Users accessing through Acadeum authentication will be prompted to log in with the email and password used to create their account.
- If selecting “Single Sign-on through your Institution”, an Entry Point URL and SAML Server Certificate must be provided. Doing so will enable users to log in through their own institution’s authentication process.
Note that the process is similar when adjusting the Student App Environment.
Acadeum Authentication:
Single Sign-on through your institution:
SSO Queue
The SSO Queue provides an interface for administrators to manage requests for new accounts for the Administrative App. The SSO Queue will only contain data if the following criteria are true:
- The Institution is configured for SAML SSO.
- The user attempts to access Acadeum Course Share before their profile is created.
If the user meets both of these criteria, their request for access will be logged in the SSO Queue for review. Any requests from new users will be put in a pending status until they are activated.
Setup Process
- Log in to the Admin App at https://courseshare.acadeum.com
- Select Settings from the primary navigation on the left-hand side
- Within the ‘Settings’ page, select ‘SSO Queue’ from the top navigation
- Approve or Deny Pending Requests: when a user attempts to access the Admin App for the first time, their profile will appear here to be granted or denied access.