The eSchoolData application has added the ability for districts to enable Single Sign-on for staff and/or student accounts through Google or Microsoft. This lesson guides district users through the required actions of using SSO.
Set App URL
- Go to Interoperability.
- Choose eSP.
- Select Settings.
- On the Login Page tab, enter the District URL for the Main App or Portal App if it is not done so already.
User Email Addresses
All users must have an email address to successfully use the SSO option. To verify that all users have an email address within eSchoolData:
- Go to System.
- Choose Administration.
- Select User Security Information.
- Select the Excel icon to download the list of all users within the system.
- Use the Excel file to filter for any users without an email address.
Users can see the email associated with the staff record from this report; it is likely the email also exists for the user account, but you can edit the user account to confirm the email is there as well.
After all users without email addresses have been identified:
- Go to User Maintenance.
- Search for any users missing an email address.
- Select the Edit icon for the desired user.
- Enter the user's Email Address.
- Select Save.
Student Email Addresses
All students must have an email address to successfully use the SSO option. To verify that all students have an email address within eSchoolData:
- Go to Reports.
- Select Custom Reports.
- Choose Data Tables from the side navigation.
- Select Create New Data Table.
- Choose the needed data points, including Student Email Address from Student Information.
- Sort the Student Email Address column to identify any students in need of an email address.
After identifying any students that need an email address:
- Go to Student.
- Select Student Profile.
- Student Profile opens by default.
- Set any needed filters and select Search.
- Select the ID of the desired student.
- Go to the Registration tab.
- Select Edit. Scroll down to find the Student Email field and enter the student's email address. Be sure to Save before exiting.
Enable SSO
- Go to Interoperability.
- Choose Partners.
- Select Google or Microsoft from the left hand menu.
- Under SSO Settings, set enable SSO to Yes and enter any Allowed Domains into the available space. If multiple domains are added, please enter them as comma separated values.
- Enforced requires users to use the SSO option to sign in; users will be prevented from logging in with their eSD credentials.
- Select Save.
The site must be set to the district level. The Save button will not be available if a specific school is chosen.
Troubleshooting
A staff member selects SSO option and selects their email. The screen then refreshes and returns them to the login screen.
- Check the User Security Information export
- Is the user associated to multiple records?
- If Yes - confirm these records belong to the same person and are both active
- If No - make sure the accounts are linked. If they are not linked then the system cannot validate
- If any accounts are inactive:
- Navigate to the building and remove the email address from the old account
- Unlink the accounts if previously linked
A staff member selects SSO option and selects their email. The screen refreshes and returns them to the login screen with the error message "Invalid User Id or password, please login again...".
- Confirm the email address is in the staff user account
- If Yes - confirm the domain matches domains listed in Allowed Domains under the SSO Setup page
- If the Allowed Domains are correct:
-
-
- Go to System > Administration > User Security Information - check for Inactive accounts, which will confirm whether one exists for the user.
- At the level of the building where there is the inactive account, go to System > Staff, find the user, edit, and uncheck the box for "Inactive Staff" and save - this will make the account "live" again.
- Go to System > Administration > User Maintenance - find the user that you have just activated, edit, remove the email address, and Save.
- To mark that same user as Inactive again, go back to System > Staff - recheck the box for "Inactive Staff", and Save.
-