Skip to main content

Introduction

Eduframe supports two categories of login:

  • Eduframe-managed email/password logins.
  • Three SSO providers managed externally (e.g., enterprise identity systems).

Any user can have multiple authentications linked to their account. By default, Eduframe will create a new email/password authentication for a user unless this behavior is explicitly disabled.

Default email/password flow

  1. A new user is created in Eduframe.
  2. This triggers an email based on the template configured in Eduframe settings.
  3. The user receives an email containing a link to set their password.
  4. The user completes password setup and can log in with the newly created email/password credentials.

SSO Configuration

The following pages cover how you can configure SSO providers in Eduframe. Note that Eduframe does not support automatic provisioning, so users must be provisioned manually before they can authenticate via SSO. This process can be automated by creating an authentication.

Hybrid authentication setups

Hybrid setups let you mix Eduframe-managed email/password logins with any of the three supported SSO providers so different user groups can sign in using the method that fits them best.

How it works

  • Each user can have multiple authentication records.
  • Eduframe will create an email/password authentication by default unless disabled.
  • You can add or remove authentications per user to match your login policy.
tip

You can disable the automatic email/password creation in the authentication settings

Automating the decision

Use the Eduframe API to create an authentication record for the desired provider:

  1. Decide which provider to use (Eduframe email/password or one of the SSO providers) based on your business rules (e.g., user type, organization, domain).
  2. Create the authentication record via the API for that provider and user.
  3. If using Eduframe email/password, the user receives the password setup email flow; if using SSO, the user can sign in through the chosen identity provider.
info

The trigger for the workflow above often depends on the desired use case. If user creation always starts in an external system you can add authentications directly after creating a user in Eduframe. For any other use case you can make use of our webhooks and trigger the workflow above based on the user.created event.

This approach enables automated, per-user control over whether they receive email/password credentials or are routed to SSO.