Security Assertion Markup Language (SAML) is an authentication method that lets users log in to one system automatically by being logged in to another. The idea is to sign in once (usually to a school’s network directory service), and the tools users use will ‘authenticate’ them based on that single sign-in (SSO).
FastBridge Learning® supports SAML v2.0 as an SSO method for the FAST application. Once a district provides all the information required, please allow up to 4 weeks for FastBridge to implement this SSO solution from start to finish, including customer testing and sign-off.
Preparing for Setup
- The District must be set up and active in FastBridge.
- The District must verify that their SAML 2.0 federation services are compatible with Microsoft ADFS.
- The ADFS-compatible environment must have Publicly Trusted Certificates enabled.
- The setting in District Preferences > District Properties > SSO Enable must be set to On. Only the FastBridge team has access to this setting.
- The district should have ready access to teacher IDs, student IDs, the nameID from their ADFS POST responses, and a FastBridge roster in CSV format that will be edited by the school. Districts will want this handy when re-creating their rosters to fit the SSO implementation.
What FastBridge provides
- District_Key - A unique identifier with no spaces and no punctuation.
  - Example: Best School NY becomes bestschoolny.
- A token-signing certificate (SHA-256) via URL for the District to import.
- At the end of the process, an SSO link with the ‘District_Key’ inserted, in this format: https://auth.fastbridge.org/sso/{district_key}/metadata.do
This link will redirect to the District ADFS page where staff sign in. Once done, a POST response is sent with a token issued from the ADFS server and contains a timestamp and a NameID that exactly matches the NameID in the newly-constructed roster (See ‘Changes to your Roster’ below.)
What Districts must provide FastBridge
- School Site Metadata - XML document or URL generally provided by a District Administrator from an ADFS URL.
- Verify the token-signing certificate is imported.
Student Roster Modifications
- StudentID has to be the nameID that will be passed to FastBridge in the SAML POST response.
- TeacherID has to be the nameID that will be passed to FastBridge in the SAML POST response.
- TeacherEmail is not an email address but a value in the following format: DistrictKey_8_nameID
  - DistrictKey is a unique district key provided to districts by FastBridge.
  - nameID is the nameID that will be passed to FastBridge in the SAML POST response. It should not be an email address.
  - 8 is the FastBridge User Role ID for teachers.
  - Please note, the teachers’ actual email address should not be on student rosters with SSO integration that are entered through the Staff Roster process.
- Please access/download the linked sample SSO student roster template and resource for Creating First SAML SSO FastBridge Student Roster document for further assistance.
Staff Roster Modifications
- UserID in format: DistrictKey_FastBridgeUserRoleID_nameID
  - DistrictKey is a unique district key provided to districts by FastBridge.
  - FastBridgeUserRoleID is the value in Column 2, RoleID. The FastBridge non-teaching staff user role IDs are:
    - 6 - District Manager
    - 7 - School Manager
    - 91 - Specialist
    - 92 - Group Proctor
  - nameID has to be the nameID that will be passed to FastBridge in the SAML POST response.
- Email should be the non-teacher staff user's actual email address.
- The Upload a Staff Roster page is only for non-teaching staff accounts. Teaching staff accounts are created through the student roster upload process.
- Please access/download the linked sample SSO non-teaching staff roster template and resource for Creating First SAML SSO FastBridge Non-Teaching Staff Roster document for further assistance.
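
The identifier rules in the two roster sections above can be checked before a roster is uploaded. The following Python is an added example, not FastBridge code: the reduced CSV layouts, the sample rows, the '@' test for email-like values, and the check that the nameID inside TeacherEmail equals TeacherID are assumptions made here.

```python
import csv
import io
TEACHER_ROLE = "8"                    # teacher role ID, from the page
STAFF_ROLES = {"6", "7", "91", "92"}  # non-teaching staff role IDs, from the page

def check_id(value, district_key, roles, expect_name_id=None, expect_role=None):
    """Return problems in a DistrictKey_RoleID_nameID value (nameID may contain '_')."""
    parts = value.split("_", 2)       # only the first two underscores separate fields
    if len(parts) != 3:
        return ["not in DistrictKey_RoleID_nameID form"]
    key, role, name_id = parts
    problems = []
    if key != district_key:
        problems.append("district key mismatch")
    if role not in roles:
        problems.append("role ID not valid for this roster")
    if expect_role is not None and role != expect_role:
        problems.append("role ID differs from RoleID column")
    if not name_id or "@" in name_id:  # assumption: '@' marks an email address
        problems.append("nameID empty or looks like an email address")
    if expect_name_id is not None and name_id != expect_name_id:  # exact match
        problems.append("nameID differs from TeacherID")
    return problems

def check_roster(text, district_key, staff=False):
    """Map CSV line number -> problems, for a student or staff roster."""
    found = {}
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        if staff:
            p = check_id(row["UserID"], district_key, STAFF_ROLES, expect_role=row["RoleID"])
            if "@" not in row["Email"]:
                p.append("Email should be the staff member's real address")
        else:
            p = check_id(row["TeacherEmail"], district_key, {TEACHER_ROLE}, expect_name_id=row["TeacherID"])
        if p:
            found[n] = p
    return found

# Constructed sample rosters (reduced columns; header names are assumptions).
STUDENTS = ("StudentID,TeacherID,TeacherEmail\n"
            "s1001,jdoe,bestschoolny_8_jdoe\n"
            "s1002,asmith,asmith@example.org\n"
            "s1003,mlee,bestschoolny_7_mlee\n")
STAFF = ("UserID,RoleID,Email\n"
         "bestschoolny_6_kbrown,6,kbrown@example.org\n"
         "bestschoolny_91_t_nguyen,92,t.nguyen@example.org\n")
if __name__ == "__main__":
    print(check_roster(STUDENTS, "bestschoolny"), check_roster(STAFF, "bestschoolny", staff=True))
```

Comparisons are exact and case-sensitive because the NameID in the POST response has to match the roster value exactly.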