Configuring Google SAML and Mastery Connect Authentication

 

     Official Mastery Connect Document

 

 

This article describes the process of configuring Google as an Identity Provider (IdP) ready to work with Mastery Connect.

 

Authentication Terminology

Term

Definition

IdP

Identity Provider

The job of the IdP is to identify users based on credentials. The IdP typically provides the login screen interface and presents information about the authenticated user to service providers after successful authentication.

Google is the Identity Provider.

saml_name

Username in Mastery Connect terminology.

When information about an authenticated user is returned to Mastery Connect, it looks for a user whose saml_name matches the incoming data.

Metadata

Information about the SP or IdP. This metadata is almost always provided in the form of XML. The metadata about your Mastery Connect instance is located at https://app.masteryconnect.com/saml2/<YOURNAME>/metadata.xml (your Project Consultant or Support Agent will provide this information).

SAML

Security Assertion Markup Language

SIS

Student Information System

SLO

Single Logout

When a user logs out of a service, some IdPs can subsequently log the user out of all other services the user has authenticated to. 

Google supports this, but issues occasionally prevent a successful logout. Users will be logged out of Mastery Connect but may not be logged out of Google.

SP

Service Provider

An SP is usually a website providing information, tools, reports, etc. to the end user.

Mastery Connect provides an assessment environment to teachers, students, and admins and is, therefore, the Service Provider.

Note: An SP cannot authenticate against an IdP unless the IdP is known to the SP.  Likewise, an IdP will not send assertions to an SP that it does not know about.

SSO

Single Sign-On

This is what happens when a user isn't required to log in to a second service because information about the authenticated user is passed to the service.

 

Pre-requisites

  • Any user that needs to authenticate via Google SAML must already have a user account provisioned in Mastery Connect.
  • The saml_name field in Mastery Connect must match the selected field returned from Google.
  • Mastery Connect does not automatically create user accounts from successful single-sign-ons. User accounts must either be created manually in the web interface or through an SIS Integration.
  • Your organization must be using Google Apps.
  • You must be able to log in to the admin console for your organization.

 

NOTE: Mastery Connect needs the IdP's metadata first in order to generate the Service Provider (Mastery Connect) metadata.

Configure Google SAML (SSO)

 

1. Log in to the Google Apps administration console.

 

admin_google_waffle.png

 

2. From the Admin console Home page, go to Apps and then Web and mobile apps.

 

web_mobile_app.png

 

3. Click Add App and select Add custom SAML app at the bottom.


admin_custom_app.png

4. Basic Information for your Custom App

  1. Enter Mastery Connect for the App Name [1]
  2. Optionally add an icon for your Mastery Connect App [2]
  3. Click Continue [3]

custom-app_masteryconnect.png

 

5. Download the IdP Metadata

  1. Under Option 1, click Download Metadata [1]
    • This metadata needs to be publicly hosted. Once it is hosted, send the URL to your Project Consultant or Support Agent.
      • If the metadata cannot be hosted on your side, please send this .XML file to your Project Consultant or Support Agent.
  2. Click Continue [2]

 
metadata_masteryconnect.png

 

6. Service Provider Details

***NOTE: Once your Project Consultant or Support Agent responds with the Mastery Connect (service provider) metadata URL, you will be able to proceed with these next steps.

  1. The metadata URL will have the ACS URL and Entity ID needed to configure this page
  2. Enter the Assertion Consumer Service (ACS) URL [1]
  3. Enter the Entity ID [2]
  4. Enter the Start URL [3]
  5. Check the Signed Response checkbox [4]
  6. Change Name ID Format to Email [5]
  7. Click Continue [6]


service_provider_mastery_connect.png

 

7. Click Finish


idp_attributes.png

 

8. You have added the SAML App to Google. Now you also need to turn on the app for your users:

  • Click on USER ACCESS

 

access_masteryconnect.png

 

  • Select ON for everyone [1] and then click on SAVE [2]


toggleon_masteryconnect.png

 

 

9. If everything went well, your screen should look like this.


finish_page_masteryconnect.png

 

Congratulations! Google SAML SSO has been configured for Mastery Connect.
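
For step 6, the ACS URL and Entity ID can be read out of the service provider metadata rather than copied by eye. The following is an added example, not Mastery Connect or Google code; the sample metadata is constructed, and `sp.example.test`, `example-district` and the function name `read_sp_metadata` are placeholders assumed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample; the host and tenant name are placeholders, not a real instance.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml2/example-district/metadata.xml">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml2/example-district/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def read_sp_metadata(xml_text):
    """Return the Entity ID and ACS URL for step 6, plus warnings to resolve first."""
    # SAML metadata has no need for DTDs; refuse them instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a single-entity SAML metadata document")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not service provider metadata")
    # The IdP delivers the signed response to the HTTP-POST endpoint.
    acs = [e.get("Location") for e in sp.findall(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService endpoint")
    formats = [e.text.strip() for e in sp.findall(f"{{{MD}}}NameIDFormat") if e.text]
    warnings = []
    if urlparse(acs[0]).scheme != "https":
        warnings.append("ACS URL is not https")
    if formats and EMAIL not in formats:
        warnings.append("SP does not list the email Name ID format")
    return {"entity_id": root.get("entityID"), "acs_url": acs[0], "warnings": warnings}


if __name__ == "__main__":
    print(read_sp_metadata(SAMPLE_SP_METADATA))
```

Paste the returned `acs_url` and `entity_id` into fields [1] and [2] of the Service Provider Details page, and resolve any warnings with your Project Consultant or Support Agent before continuing.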