Setup SSO

SSO can be set up from the Eduframe Settings page.

Settings → Authentications

OpenID Connect

To set up OpenID Connect, you need to provide the following properties from your Identity Provider:

  • Client ID
  • Client Secret
  • Authorize url
  • Token url

Info: Depending on your identity provider, these properties might be named differently.

After setting up the Identity Provider you will notice a new button on your Eduframe Login Screen, called OpenID connect. Clicking the button should redirect you to the login screen of the Identity Provider. At this point you will not be able to log in yet, because an authentication method must be provided per user. For this you need a middleware that syncs users and authentication methods.

Azure Entra ID

It's possible to authenticate users via Azure Entra ID using OpenID Connect. See our Azure Entra ID page for more detailed steps.

Info: Azure Entra ID was previously called Azure Active Directory.

For setting it up, you need the following properties:

  • Client ID
  • Client Secret
  • Authorize url
  • Token url

SurfConext

It's also possible to connect with SurfConext. This connection also uses OpenID Connect, so similar properties need to be provided:

  • Client ID
  • Client secret
  • Authorize URL
  • Token URL
  • UserInfo URL

In order to get the Client ID and secret, get in touch with us! The URLs depend on the SurfConext environment you wish to connect to; you can find the appropriate ones here:

In order to be able to log in through SurfConext you need to get in touch with Surf, mentioning our service.

Preprovisioning the authentication

To actually allow people to use the External Identity Provider you need to preprovision the existing users. This preprovisioning should be automated, so you need to build a middleware. The middleware is an application that coordinates the communication between Eduframe and your Identity Provider. A popular way to implement the middleware is through integration platforms like Microsoft Logic Apps or Zapier.

The preprovisioning is done through our public API. You need to provide the authentication_provider_type, the user_id and the uid properties. The user_id is always the unique identifier of the user in Eduframe. The other properties depend on the authentication method.

OpenID Connect

  • authentication_provider_type: openid_connect
  • uid: it should be the value of the uid claim returned by your Identity Provider.

Azure Entra ID

  • authentication_provider_type: azure_active_directory
  • uid: it should be the value of the oid (not uid!) claim returned by your Identity Provider.

SurfConext

  • authentication_provider_type: surf_conext
  • uid: <uid>@<schac_home_organization>
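
The claim-to-uid rules above, as an added example in Python (not Eduframe's own code): it builds the three preprovisioning properties per provider, skips users whose required claim is missing, and refuses to bind one Identity Provider uid to two Eduframe users. The flat dict shape, the helper names and the sample claims are assumptions; the API request itself is not shown.

```python
# Added example, not Eduframe code. Property names and claim rules are from the
# page; the flat dict shape, helper names and sample users are assumptions.

class ClaimError(ValueError):
    """A record cannot be built safely; the caller skips that user."""

def _claim(claims, name):
    value = claims.get(name)
    # Fail closed: a missing, empty or non-string claim never becomes a uid.
    if not isinstance(value, str) or not value.strip():
        raise ClaimError(f"claim {name!r} missing or empty")
    return value

UID_RULES = {
    "openid_connect": lambda c: _claim(c, "uid"),
    "azure_active_directory": lambda c: _claim(c, "oid"),  # oid, not uid
    "surf_conext": lambda c: f"{_claim(c, 'uid')}@{_claim(c, 'schac_home_organization')}",
}

def build_record(provider_type, user_id, claims):
    if provider_type not in UID_RULES:
        raise ClaimError(f"unknown provider type {provider_type!r}")
    return {"authentication_provider_type": provider_type,
            "user_id": user_id,
            "uid": UID_RULES[provider_type](claims)}

def build_batch(provider_type, users):
    """users: iterable of (user_id, claims). Returns (records, rejected)."""
    records, rejected, owner_of = [], [], {}
    for user_id, claims in users:
        try:
            record = build_record(provider_type, user_id, claims)
        except ClaimError as exc:
            rejected.append((user_id, str(exc)))
            continue
        owner = owner_of.setdefault(record["uid"], user_id)
        if owner != user_id:
            # One IdP identity bound to two Eduframe users: refuse the second.
            rejected.append((user_id, f"uid already assigned to user {owner}"))
            continue
        records.append(record)
    return records, rejected

# Constructed sample: Eduframe user ids paired with Entra ID token claims.
SAMPLE_USERS = [
    (101, {"oid": "11111111-aaaa-4bbb-8ccc-000000000001", "uid": "jdoe"}),
    (102, {"uid": "asmith"}),                                  # no oid claim
    (103, {"oid": "11111111-aaaa-4bbb-8ccc-000000000001"}),    # duplicate oid
]
```

Review the rejected list before sending any records: a missing claim or a duplicate uid usually points to a wrong attribute mapping at the Identity Provider.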

The next sections explain some approaches to building the middleware.