SAML 2.0 SSO

userXello AdminTime5 minutes

With Xello SSO, students can log into their account and then access Xello without a separate login.

FYIFYI: To learn more about how SSO works in Xello, see the articles How Student SSO Works and How Educator SSO Works.

If you're establishing a trust between Xello and Active Directory Federation Services (ADFS), follow these instructions:

  1. Open ADFS Management.
  2. At the top left of the screen, click the ADFS folder and choose the Add Relying Party Trust option from the actions menu (on the right of the screen by default).
  3. Click Add Relying Party Trust Wizard, which will allow you to choose a metadata file. Choose the following XML file: XML File new tab
  4. Once you’ve entered the URL, you can finish the wizard by clicking Next multiple times and leaving the other options set to default.
  5. You’ll now see the recently added Relying Party Trusts folder (in the Trust Relationship folder). Highlight the new Xello Relying Party Trust and then click the Edit Claim Rules link in the action menu to the right.
  6. Add a new rule using the template Send LDAP Attributes as Claims and call the new rule sso-token, making sure the entire sso-token name is in lowercase and not in quotes. Click OK to save the custom rule.
    noteNote: The LDAP Attribute is very important as it represents the attribute in your Active Directory that identifies a user’s unique identifier (e.g. samAccountName, StudentId, or employee-id are all common attribute names). Whatever attribute you choose, it must be something that Xello has pulled from data integration, like the Student ID or email address.
  7. Right-click Xello Relying Party Trust and select Properties. Choose the Advanced tab and make sure that the Secure hash algorithm is set to SHA-1.
  8. Once setup is complete on your end, your Onboarding Manager will require your metadata file and the user attribute name to complete the process:

    Locate the metadata export URL for ADFS.
    1. Log in to the ADFS server and open the management console.
    2. In the AD FS folder, expand Services and click Endpoints.
    3. Locate the FederationMetadata.xml file.
    4. Use a browser to navigate to that URL on the ADFS server and download the file. For example: https://localhost/FederationMetadata/2007-06/FederationMetadata.xml

    Please also provide the user attribute name that you set up in your sso-token claim rule. We need this so that we can configure our system to look up users based on the correct attribute (e.g. Student ID or email address).
  9. When configuration is complete, your Onboarding Manager will send you a URL that can be placed in your LMS or Intranet, or provided directly to students. Where {DistrictToken} is your unique Xello district token, the URLs will look something like this:
    • For Students: https://auth.xello.co.uk/student/saml?DistrictToken={DistrictToken}
    • For Educators: https://auth.xello.world/educators/saml?DistrictToken={DistrictToken}
Related Topics