Google SSO Configuration (SHA-256)

This article details how to configure Google Workspace for use with Education Perfect's Single Sign-On (SSO) system.

Please note that we now support logging in with Google directly, and it may not be necessary to set up an integration at all!
Please see our help doc here or contact us for more details.

Sending us your metadata

  1. From the G-Suite Admin console Home page, go to Apps and then SAML apps.
  2. Click Add App -> Add Custom SAML APP
  3. Add anything as the App name, click Continue
  4. Download the metadata and send this to us at support@educationperfect.com along with a test account
  5. Cancel out of adding this App

Secondary Steps

Once you get a response from us, please do the following:

  1. From the G-Suite Admin console Home page, go to Apps and then SAML apps.
  2. Click Add App -> Add Custom SAML APP
  3. Add 'Education Perfect' as the App name, click Continue twice
  4. On the Service Provider Details screen, enter the following:
    1. ACS URL: https://iam.educationperfect.com/samlv2/acs
    2. Entity ID: Issuer: as provided by us (please note that we are unable to provide this value until after we have loaded your metadata from step 4)
    3. Start URL: app.educationperfect.com
    4. Signed Response: Leave unchecked.
    5. Name ID Format: EMAIL (This might need to be PERSISTANT if 403 errors occur during testing)
    6. Name ID: Basic Information, Primary Email. Click Next
  6. On the Attribute Mapping screen, click Finish
  7. Click User Access and then turn it on for everyone (as below) or for specific organizational units as appropriate, and click Save. As noted, it may take up to 24 hours for this change to take effect for all users.Google admin options If you do not turn the Education Perfect app on for your users they will see the following error message when trying to log into Education Perfect: 403 thats an error
  8. Once this is done, please email us and let us know so that we may commence testing
  9. Please note, that users will need to be signed into their school-affiliated Google account in order to be able to log in via SSO(or at the least, not signed into a different Google account)

Match existing users to their accounts

If your students have already been using Education Perfect without a G-Suite integration, their EP accounts will need to be linked to the unique identifier G-Suite uses to confirm their identity. The above settings will make this their email address, but we use the test accounts to confirm everything is configured correctly.

We'll match up everyone we can on your behalf. We will then send you a list of anyone we couldn't match. Once you send us the details for those people, we'll update them as well. 

Please note that until we have completed this step users will get an error if they attempt to log into Education Perfect via G-Suite. Users need to be logged in to their school-affiliated google account in order to be able to log in through Single Sign On

Other Errors

500

500 thats an error

This error generally means something is wrong with the configuration and may require support from Google directly. However it may be worth checking that your SAML certificate has not expired first.

Did you find this article helpful? Thanks! Click the speech bubble below to tell us more. There was a problem submitting your feedback. Please try again later.