How to Configure SAML SSO

How to Configure SAML SSO

Start by Notifying Your Customer Success Manager

If your institution is interested in enabling SAML Single Sign-On (SSO) for Tassel, the first step is to let your Customer Success Manager (CSM) know. Please note that SSO setup is available only to schools with a centralized IT department. Refer to our article about SAML SSO prerequisites to ensure your school is a good fit.

Step 1: Complete the SSO Setup Form

After discussing SSO with your CSM, you will be sent an email containing the SSO setup form. This form gathers the essential details required to configure SSO, including:
  1. Identity Provider (IdP) metadata, submitted as either an XML file or a URL
  2. Test Login Credentials
  3. Primary Claim
Identity Provider (IdP) Metadata
The IdP metadata contains critical configuration details about your Identity Provider, such as endpoints and certificates, needed to establish a secure SAML connection.

Provide Dummy Test Credentials
To facilitate the testing process, submit dummy credentials for a test student account. These credentials will be used later to ensure the SSO setup is working correctly.

Specify Primary Claim in SAML Assertions
Indicate whether the Email Address or Student ID will serve as the primary claim in your SAML Assertions. Claims are crucial for the SP to identify and authorize users via the IdP.



Step 2: Receive Key Information from Tassel

Once your form is processed, Tassel will supply two critical URLs:
  1. SAML Metadata URL
  2. SAML Assertion Consumer Service (ACS) URL
These URLs are necessary to configure Tassel as a Service Provider (SP) in your IdP.

Step 3: Configure Tassel in Your IdP

Log in to your IdP’s administrative portal and follow these steps:
  1. Add Tassel as a new Service Provider.
  2. Use the SAML Metadata URL and ACS URL provided by Tassel.
  3. Ensure your configuration includes the necessary attributes in the SAML Assertions, as specified in the setup form.
For more detailed instructions review the article for IdP Specific Help.
 

Step 4: Notify Tassel for Final Verification

Once the setup is complete, inform Tassel so that we can verify the functionality on our end using the test login credentials you provide. 

    Can't find something? Try our chatbot