IdP Specific Help

IdP Specific Help

Google Workspace SSO Setup

Step 1: Access Google Admin Console
Log in to your Google Admin console (admin.google.com)
Navigate to Apps > Web and mobile apps > Add App > Add Custom SAML app

Step 2: Provide Tassel with your metadata during Setup
Download the Google IdP metadata XML file or copy the metadata URL
Provide the metadata to your Tassel representative for configuration

Step 3: Configure Google SSO
  1. Enter the Tassel service provider details:
    1. ACS URL: https://{school}.tassel.com/home/assertionconsumerservice
    2. Entity ID: urn:marchingorder:identity:saml2:gradweb
  2. Configure attribute mapping:
    1. Change Name ID format from UNSPECIFIED to EMAIL
    2. Map the Primary Email attribute to email
      1. Basic Information > Primary email
  3. Set your Google Directory Attributes:
    Basic Information > Primary email → App attributes email
Step 4: Assign User Access
To make the SAML app you just created available when attempting to test it, please ensure you select the relevant groups, or everyone to have access to that SAML app.

Microsoft Azure SSO Setup

Step 1: Access Azure Portal
Log in to the Azure portal (portal.azure.com)
Navigate to Azure Active Directory > Enterprise applications > New application > Create your own application

Step 2: Configure Azure SSO
  1. Select "Set up single sign-on" and choose "SAML"
  2. Configure the Basic SAML Configuration:
    1. Identifier (Entity ID): urn:marchingorder:identity:saml2:gradweb
    2. Reply URL (ACS URL): https://{school}.tassel.com/home/assertionconsumerservice
  3. Configure User Attributes & Claims:
    1. Set the Unique User Identifier (Name ID) to user.mail (email address)
    2. Add additional claims if needed:
      1. Email: user.mail
      2. Student ID: user.studentid (or appropriate attribute)

Step 3: Complete the Setup
Download the Azure Federation Metadata XML or copy the metadata URL (preferred)
Provide the metadata URL to your Tassel representative for configuration

Okta SSO Setup

Step 1: Access Okta Admin Dashboard
Log in to your Okta Admin dashboard
Navigate to Applications > Applications > Add Application > Create New App
Select "Web" as the platform and "SAML 2.0" as the sign-on method

Step 2: Configure General Settings
Enter an application name (e.g., "Tassel Graduation")
Add your school's logo (optional but recommended)
Click Next to proceed to the SAML configuration

Step 3: Configure SAML Settings
  1. Enter the Tassel service provider details:
    1. Single Sign-On URL (ACS URL): https://{school}.tassel.com/home/assertionconsumerservice
    2. Audience URI (Entity ID): urn:marchingorder:identity:saml2:gradweb
    3. Name ID Format: Set to "Email Address" with email attribute mapped
  2. Configure attribute statements:
    1. Add attribute statement for email:
      1. Name: email
      2. Value: user.email
    2. Add attribute statement for student ID (if applicable):
      1. Name: studentID
      2. Value: user.studentID (or appropriate attribute)
  3. Advanced Settings:
    1. Response: Signed
    2. Assertion: Signed
    3. Authentication context class: PasswordProtectedTransport

Step 4: Complete the Setup
  1. Assign the application to appropriate users or groups
  2. Download the Okta IdP metadata XML file or copy the metadata URL (preferred)
  3. Provide the metadata URL to your Tassel representative for configuration

    Can't find something? Try our chatbot