Prepare to Use SAML SSO for Students and Staff

Follow these steps to prepare:

When setting up a Security Assertion Markup Language (SAML) connection for students and staff, you must choose from a Federation type.

• Email domain

  • The most used connection type.

  • Multiple domains per user type are supported.

  • An email domain can only be associated with one district. Within the district, an email domain can be used once for a staff connection and once for a student connection.

  • GSuite for Education only supports email domains when connecting with SAML.

  • Staff and student emails in Naviance must include the domains you will use to make the SAML connection.

• Federation ID

  • The connection type when something other than an email is used for login, such as an ID number.

  • Staff and student accounts in Naviance must include a Federation ID.

Answer Questions

1. Do you have a technical expert at your school or district who can help create the SAML connection?

2. If implementing a student connection, how will you connect to SAML? Email or Federation ID?

3. If implementing a staff connection, how will you connect to SAML? Emails or Federation ID?

4. If using email, how many email domains does your district have for students? What are they?

5. If using email, how many email domains does your district have for staff? What are they?

6. When do you want to complete the SAML connection? Friday afternoons may be a good time because the SAML connection will be live as soon as it is complete.

7. How will you let your staff and students know about the updates to the login process?

Review Naviance Data

• Before making the SAML connection in Naviance, ensure that the Federation Type in Naviance is the same as the Federation Type in your Identify Provider (IdP). Use the same Federation Type, either email domain or Federation ID, in your IdP and Naviance for SAML SSO to work successfully.

Students

For PowerSchool SIS as the iDP, ensure the following in your PowerSchool SIS integration, automated imports (cURL), or manual imports:

• Students' Federation ID in Naviance is set to the DCID of the Student from the PowerSchool SIS.
• Students have a username imported to Naviance.

For other iDPs, ensure all Naviance student accounts have:

• An email if using email as the Federation Type.

• A Federation ID if using something other than email for student login.

  

  Use the Student Records import file or review the PowerSchool SIS to add or update emails or Federation ID numbers to multiple student records.

Staff

For PowerSchool SIS as the iDP, ensure staff Federation ID in Naviance is set to the DCID of the Staff Member from the PowerSchool SIS.

For other iDPs, ensure:

• Staff emails in Naviance include the email domains used for the SAML connection If using email as the Federation Type. Manually update staff emails in Naviance if needed.
• If using something other than email for staff login, such as an ID number, ensure that the Federation ID field is in all Naviance staff accounts.

• If staff users have accounts at multiple schools in the district, ensure that all associated accounts for that user have the same Federation ID so the user can switch account profiles in Naviance.

  

  Manually update staff emails of the Federation ID in Naviance staff accounts.