The eSchoolData application has added the ability for districts to enable Single Sign-on for staff accounts through Google or Microsoft. This lesson guides district users through the required actions of using SSO.
Set Main App URL
- Go to Interoperability.
- Choose eSP.
- Select Settings.
- On the Login Page tab, enter the District URL for the Main App if it is not done so already.
User Email Addresses
All users must have an email address to successfully use the SSO option. To verify that all users have an email address within eSchoolData:
- Go to System.
- Choose Administration.
- Select User Security Information.
- Select the Excel icon to download the list of all users within the system.
- Use the Excel file to filter for any users without an email address.
Users can see the email associated with the staff record from this report; it is likely the email also exists for the user account, but you can edit the user account to confirm the email is there as well.
After all users without email addresses have been identified:
- Go to User Maintenance.
- Search for any users missing an email address.
- Select the Edit icon for the desired user.
- Enter the user's Email Address.
- Select Save.
Enable SSO
- Go to Interoperability.
- Choose Partners.
- Select Google or Microsoft from the left hand menu.
- Under SSO Settings, set enable SSO to Yes and enter any Allowed Domains into the available space. If multiple domains are added, please enter them as comma separated values.
- Select Save.
The site must be set to the district level. The Save button will not be available if a specific school is chosen.
Troubleshooting
A staff member selects SSO option and selects their email. The screen then refreshes and returns them to the login screen.
- Check the User Security Information export
-
Is the user associated to multiple records?
- If Yes - confirm these records belong to the same person and are both active
- If No - make sure the accounts are linked. If they are not linked then the system cannot validate
-
If any accounts are inactive:
- Navigate to the building and remove the email address from the old account
- Unlink the accounts if previously linked
A staff member selects SSO option and selects their email. The screen refreshes and returns them to the login screen with the error message "Invalid User Id or password, please login again...".
-
Confirm the email address is in the staff user account
- If Yes - confirm the domain matches domains listed in Allowed Domains under the SSO Setup page
- If the Allowed Domains are correct:
-
-
- Go to System > Administration > User Security Information - check for Inactive accounts, which will confirm whether one exists for the user.
- At the level of the building where there is the inactive account, go to System > Staff, find the user, edit, and uncheck the box for "Inactive Staff" and save - this will make the account "live" again.
- Go to System > Administration > User Maintenance - find the user that you have just activated, edit, remove the email address, and Save.
- To mark that same user as Inactive again, go back to System > Staff - recheck the box for "Inactive Staff", and Save.
-