SchoolAdmin supports Single Sign-On (SSO) for SysAdmin, Admin, User, and Limited User accounts within schools that use the Google G-Suite for all staff email accounts. Please note, this is different than personal gmail accounts. SSO allows the school to use another trusted site to verify its users. A big benefit to using SSO is a reduction in log-in troubleshooting, and ease of logging in from other devices when needed.
To setup SSO, navigate to Settings-->Portal-->OAuthConfiguration.
You'll be asked to set the allowed domains and if SSO is required for all SysAdmin, Admin, User, and Limited User (for Online Reviews) accounts. You can hover on the "i" for each of these settings to learn more.
- Required for admins: Check this box if all System Admin, Admins, Users and Limited Users all have a G-Suite email account. This is a global setting that will require G-Suite SSO for anyone with a SchoolAdmin account to log-in. If all users do not have a G-suite account, you'll leave the box unchecked. *Important Note: SSO does NOT apply to families or the parent portal.
- Allowed Domains: This is where you'll include the domain of your school's G-Suite account. Type in the name of your domain and select 'create option' as shown below. The domain will be added to the allowed domain list. If there's multiple domains across campuses or school levels, you can add multiple domains.
Once the domain(s) have been added, it will look similar to the example below. Click 'Submit' to save the configuration.
Signing in with Google SSO
At the Admin Sign-In page, the email address and password fields will be replaced with the message and button below.
Once you click on the 'Sign in with Google' button, you'll be prompted to select the Google account you'd like to use.
Click on the account and if your authentication is successful, you'll be logged in and the message shown below will display at the top of the page. If the log-in fails, you will see a red error message.
Important Behaviors of SSO
- Admin Portal Accounts need to be created/exist in order for a G-Suite SSO permission to be granted.
- If a user cannot log-in, they will see an error message displayed if a SchoolAdmin account doesn't exist for that G-Suite account. You will also be notified of the domain(s) you’ll need to sign-in with if you use the wrong one.
- If a System Admin/Admin/User/Limited User account is removed in G-Suite, that same Admin/User will not be able to log into SchoolAdmin. Their account will still exist within SchoolAdmin, however, the log-in will no longer work.
- If the Google SSO is turned off, inform your users in advance so they can reset their passwords.
- Session time-out is set to 2 weeks.