How do we enable Single Sign On between Education Perfect and our school?

If your school's setup is supported by us, enabling SSO is a straightforward process. 

Our metadata can be found at https://sso.educationperfect.com/metadata/saml2. We'll need the following information:

  • A copy of your metadata 
  • Which unique identifier you'll use to identify users (e.g. a student ID number, email address, etc) for both students and teachers
  • A test student account and a test teacher account that we can use to verify the integration is working

You can send this information to us at support@educationperfect.com.

Please note that we use SHA-1 as our hashing algorithm; you may need to update your configuration to work with this. 

You will also need our claim rules, as follows: 

//Sending LDAP attributes as claims:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=>
issue(store = "Active Directory",
types = ("http://schemas.xmlsoap.org/claims/CommonName"),
query = ";sAMAccountName;{0}", param = c.Value); 


//Transforming an incoming claim:

 c:[Type == "http://schemas.xmlsoap.org/claims/CommonName"]
=>
issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType,
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");

Once we've set up an initial integration, we will need to update all existing accounts with the identifier your server provides us with. Additionally, all future accounts we create will need this identifier to be provided.