Single Sign-On (SSO) is supported by Illuminate Education's products using Security Assertion Markup Language (SAML).
Enabling remote authentication requires users to use your authentication server to grant them access. Without proper configurations, users may not be able to reach the services provided by Illuminate’s products. If you are unsure how to proceed, please contact your district’s Customer Success Manager (CSM).
Set Up Process
IP Address Configuration
Your remote authentication server will need to be accessible via the internet by Illuminate Education's IP address ranges on the specific port you wish to use. Visit System Requirements & Whitelist for details.
Please note if this is not configured to your authentication server's preferences, users will not be able to log in. If you need assistance with this, please contact your District System Administrator or your Illuminate Customer Success Manager (CSM).
The configuration information at the bottom of this document needs to be filled out. This includes a username and password for us to test the authentication configuration, as well as connection information for your authentication server.
With the information below we will set up a copy of your Illuminate site to create a testing environment You will be asked to verify that Remote Authentication is working in this testing environment.
Once verified, a date and time will be set to enable remote authentication on your live environment. Please notify your users of this change and make sure they are aware their former login credentials will no longer be valid. It is best to wait until remote authentication has been verified before setting this date.
SAML Configuration (Users and Students)
The following information will need to be provided:
- SAML Metadata
- Outgoing Claim Type: Unique attribute being passed to match against Illuminate's Userservice field. Common choices are sAMAccountName and NameID.
- Mapping Field: Field within Illuminate to match against the Outgoing Claim Type. We support the Username or Email fields.
- Test Account Credentials
|SAML Metadata||XML-based document that describes a SAML deployment such as a SAML identitiy provider or a SAML service provider.|
|Outgoing Claim Type||Unique attribute being passed to match against Illumiante’s Userservice field. Common choices are sAMAccountName and NameID.|
|Mapping Field||Field within Illuminate to match against the Outgoing Claim Type. We support the Username or Emails fields.|
|Test Account Credentials||A fake account that a username and passwords can be tested for staff and/or students to verify the SSO functions as expected.|
Ready to set up SAML for Illuminate? Send a ticket to email@example.com with your SAML configuration information.
Not using SAML? Review Single Sign-On (Remote Authentication) Set Up for all support remote authentication options.