Accudemia: How do I enable SAML SSO (Single Sign-On) for my account?

Accudemia: How do I enable SAML SSO (Single Sign-On) for my account?


This new feature to authenticate users using the SAML protocols for SSO to simplify password management and increase security that will allow your students to log in to Accudemia from your college portal rather than a separate webpage/URL should be relatively easy to setup in Accudemia.  Here's how:

Configuring Accudemia

  1. Log in to your school's https://<mycollege>.accudemia.net website using your domain in place of the <mycollege> and admin credentials provided.
  2. Now to enable this option, you can access the setup under the Administration > Control Panel >  User Accounts section form the left-side navigation menu.
  3. In the User Accounts page of your Accudemia website scroll down to the SAML Single Sign-On section.
  4. Here you'll enable SSO by checking the checkbox labeled "Enable SAML SSO".
  5. You'll now need to set the Identity Provider URL, Public Certificate, and Logout URL to Accudemia so it knows where the Users will be coming from and directed after they log out.  Optionally there are other things you can do if needed too such as an error page and alternate ID use (if uploaded into Accudemia specifically for SSO).  Here is a sample of this completed:

  6. After completing this section, please save this information at the top of the page by clicking the Save Changes button.
  7. Done!  Now to test it go to your authentication portal that you have set up for users and log in using your credentials or with a test user account.

Configuring your IdP / SAML Server

To configure your Identity Provider (IdP), you need the Accudemia SAML Metadata. You can find it in:

https://<your-domain>.accudemia.net/saml/metadata.aspx

Once you have entered the metadata in your IdP, you need to set it up to send the user ID or alternate ID in the NameID field, under the Subject tag.  It's important to note that the NameID doesn't have to be an attribute, but the tag is defined under the Subject node/tag in the XML. If you look at the SAML authentication request, it should look like this:
  1. <saml:Subject>
  2.      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">111-11-1111</saml:NameID>
  3.      ...
  4. </saml:Subject>

Configuring Active Directory Federation Services (ADFS)

To send the NameID in the Subject tag, you need to go to AD FS Management, navigate to Trust Relationships > Claims Provider Trusts, then right-click on your provider and select Edit Claim Rules:


Then click Add Rule and add the following rules:


First, to send the LDAP attribute as a claim, create a rule of type "Send LDAP Attributes as Claims".  Next, set the attribute you want to use to authenticate from your AD. For example, the Employee Number:

Then, create a second rule. This time, select "Transform an Incoming Claim." In another rule transform the NameID to the Subject:



For more information, you can also check this video:


For any questions regarding this new feature, contact our support team at support@accudemia.com or Submit a Ticket on this site.



    • Related Articles

    • AccuCampus: How to set up SAML SSO authentication?

      Introduction This feature authenticates users using the SAML protocols for SSO. It simplifies password management, increases security, and allows students to log into AccuCampus from a unique college portal, rather than a separate webpage/URL. This ...
    • Accudemia: How do I bypass SSO to log in directly?

      Introduction Accudemia can be set up to utilize a Single-Sign-On (SSO) system using Security Authentication Markup Language (SAML). This is a tool that allows users to only require one set of login information across an entire system. SSO will ...
    • Accudemia: How do I enable SAML SSO (Single Sign-On) for my account?

      Introduction This article will show you how you can authenticate users using the SAML protocols for SSO (Single Sign-On). It simplifies password management, increases security, and allows students to log into Accudemia from a unique college portal, ...
    • Single Sign-On Requirements for AccuCampus

      Introduction The aim of this document is to explain how to integrate your own site or portal with AccuCampus. It also includes usage examples so you can get started faster. This alternative access method would allow you to integrate AccuCampus into ...
    • Accudemia: How can I sign into the Accudemia app through Single Sign-On?

      Introduction In this guide, we'll explain how you can login to the Accudemia app without using a username or password for Accudemia, but instead using your SSO credentials. Please note that this requires a logging through a browser on another device ...