To make it as quick and simple as possible for students to sign in to EdAlive Central, we now support Single Sign On with SAML 2.0 enabled Active Directory Federation Services (ADFS).
Using Single Sign On, students can log in using their existing school username and password without needing to remember a whole new set of credentials just for EdAlive Central!
System Requirements for ADFS Single Sign On
EdAlive Central will need to be configured as a trusted relying party.
Start the "Add Relying Party Trust..." wizard from the ADFS Management screen.
Enter the URL "https://central.edalive.com/api/saml2/metadata" into the Federation metadata address URL field.
Continue to the end of the wizard using the default options.
The persistent NameID is provided by default with most SAML identity providers; however, ADFS may need an additional claim rule for it to be included.
Add a claim rule based on the "Transform an Incoming Claim" rule template with the following settings:
NOTE: The incoming claim type could be set to something other than the UPN (usually the user's username). It needs to be an attribute that is unique and unchanging for each user.
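For administrators who prefer to script this step, the following added example (not part of EdAlive's own instructions) appends a persistent NameID rule, written in ADFS claim rule language, to an existing trust without overwriting the rules already on it. It assumes ADFS v3 or above, that the trust was created with the wizard under the display name "EdAlive Central", and that the UPN is the incoming claim as described in the NOTE above; the rule name is an arbitrary label.

```powershell
# Added example, not EdAlive's own script. Run elevated on the primary ADFS server.
# Assumption: the relying party trust already exists (created with the wizard)
# and was given the display name below.
$rpName = 'EdAlive Central'

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) {
    throw "Relying party trust '$rpName' not found; create it with the wizard first."
}

# Claim rule language equivalent of a "Transform an Incoming Claim" rule:
# UPN in, NameID out, NameID format = persistent.
$nameIdRule = @'
@RuleName = "Persistent NameID from UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
'@

$persistent = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
$current    = [string]$rp.IssuanceTransformRules

if ($current -like "*$persistent*") {
    Write-Output 'A persistent NameID rule is already present; nothing changed.'
} else {
    # Set-AdfsRelyingPartyTrust replaces the whole rule set, so append the new
    # rule to the existing rules instead of passing it on its own.
    Set-AdfsRelyingPartyTrust -TargetName $rpName `
        -IssuanceTransformRules ($current + "`r`n" + $nameIdRule)
}

# Print the resulting rule set so the change can be reviewed.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```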
If you are using ADFS v2 you may also need to create an additional LDAP claim for the NameId. (NOTE: This is not required in ADFS v3 and above.) Create a new claim rule based on the "Send LDAP Attributes as Claims" rule template with the following settings:
LDAP Attribute "User-Principal-Name" map to "UPN" outgoing claim type.
If you are using ADFS 2, you should have "User-Principal-Name" LDAP attribute mapped twice, once in the ADFS v2-unique "NameId_UPN" rule to "UPN", and once in the "Attributes" rule (for all versions of ADFS) to "E-Mail Address" (see below).
Configure ADFS to provide the user's first name, last name and email attributes by creating a claim rule based on the "Send LDAP Attributes as Claims" rule template with the following settings:
NOTE: The attribute table drop down buttons sometimes take a few clicks to activate.
Configure ADFS to provide the role attribute in ADFS by creating two more rules, both based on the "Send Group Membership as a Claim" claim template.
If your ADFS server hosts multiple school entities, you will need to configure ADFS to provide the School Identifier attribute by creating a rule based on the "Send Group Membership as a Claim" claim template.
Repeat this process for each school hosted on the ADFS server. You will need to provide us with a list of each school's real name and chosen identifier.
Provide the following details via email to support (@) edalive.com:
In order to be able to sign in, your students will need to be part of an EdAlive Central class. This can be accomplished either manually, by using the "Add/Move Students" button in the Teacher Management section to allocate students to classes after they have signed in, or by providing students with a unique "Class Code" before they first sign in using their Federated login. These Class Codes can be found at the top of the EdAlive Central class administration screens.