Custom Single Sign-On and SAML Single Sign-On

Back to Main Menu | Advanced Options Menu | Next: Account Settings > Social Activity


In AccuCampus there are two ways to implement SSO (Single Sign-On Authentication).

Custom Single Sign-on

This area is used to Manage a Single-Sign-On procedure.

How to Access: Advanced Options > Single Sign-On. Use the “Learn how to integrate” option to learn and research SSO Authentication.

  • Reset Key - Please use this option to reset your Access Key.

  • Create an HTML page for linking to Seminars - This creates a base HTML and copies it to your clipboard. Html is a sample containing a script to embed in your SSO page, with a textbox to input the User ID and a button that directly logs the user in and takes to the Seminars page where the user can register for available Seminars. Below is the sample landing page using the generated HTML and entering a student's “username” (ie: cbashoz@mycollege.edu):

  • Create an HTML page for registering for upcoming Seminars - This creates a base HTML and copies it to the clipboard. HTML is a sample containing a script to embed in your SSO page, with a textbox to input the User ID and a button that shows a calendar with upcoming seminars. Users can directly register by clicking on any seminar listed. They are not logged in to AccuCampus and just get registered to the seminar they choose, by clicking on the calendar. Note that these HTML templates are generated specifically for your account and will be used on your portal. You can take the example scripts and use them as you see fit. Below is the sample HTML with a student username entered:

  • Redirect URL - Redirect URL is the location that the student would be navigated to initially. For example if you want the student start in her\his appointments page (“Appointments\View All”), then set this to: /appointments/list
  • Session expires when inactive - With SSO, there is a token assigned for login. Sometimes, this token might be requested ahead of the actual login. If this flag is set, then the token is valid only for 2 hours from the moment it is created. If not set then the token doesn't have an expiration time.
  • Enabled - Please use this option to enable SSO.
  • SAVE BUTTON - Please click this option to save the configuration.
  • CANCEL BUTTON - Please click this option to cancel and roll back without saving.
IMPORTANT: Your Single Sign-On (SSO) access key lets you log in as any user without asking for the corresponding password. You must keep your key protected, otherwise, your information might be stolen. Reset your key periodically to mitigate information risks.


SAML Single Sign-On

  • Enabled - Please use this option to enable SAML Single Sign-On authentication in your account.
  • Server URL - Please type in the Redirect URL.
  • Certificate - Get your identity provider's certificate and paste it here. If used, remember to maintain the === BEGIN CERTIFICATE === and === END CERTIFICATE === delimiters.
  • Session expires when inactive- Specifies whether the session expires after being idle for the time specified in the “session timeout setting”.
  • Logout URL- Users will be redirected to this URL when they log out.
  • Login Error URL - Users will be redirected to this URL if there's an error at login. The error message will be sent in the query string using the parameter name defined below.
  • Error Parameter Name- This is the parameter name used to send the error message in the query string.
  • Metadata- This is your AccuCampus SAML Metadata, you would need this to enter it into your IDP(use the copy Metadata XML button below to make sure you are copying all), after setting the metadata in your IDP you would need to copy your IDP generated certificate in the certificate field above.
  • SAVE BUTTON - Please click this option to save the configuration.
  • CANCEL BUTTON - Please click this option to cancel and roll back without saving.
Note: For SAML setup, your AccuCampus address is displayed at the top. For example:

https://accucampus.net/in/democampus

With this new address, users are redirected to SAML if they are not authenticated already.

Additional documentation/articles about this topic