G Suite setup

This is not a fully complete version of the guide, if you encounter any problems or have any follow-up questions please contact us via our in-app chat or submit a support ticket through the support tab

1. Attribute table

The following user attributes are supported by DigiExam:

Screen_Shot_2018-08-16_at_16.20.46.png(Click the image or here for bigger image)

*If no sisSchoolUnitCode is passed with the Login Response the user will have access to all organizations in the school organizational hierarchy.

**If no OrganizationRoles or eduPersonScopedAffiliation is passed with the Login Response the user is assumed to have student access. 

2. G-suite setup example

Setup custom user attributes for roles and organizations:

If you do not have user attributes setup for Skolfederation you need to add custom attributes to grant school staff users access in DigiExam. 

  1. Login to Google Admin Console -> Users -> Manage custom attributes

  2. In the Customs fields do the following steps:
    1. Name the Category and Description.
    2. Add an attribute with the following settings:
      OrganizationRoles - Text - Visible to admin - Single Value.

    3. Add an attribute with the following settings:
      eduPersonScopedAffiliation - Text - Visible to admin - Single Value.

    4. Add an attribute with the following settings:
      sisSchoolUnitCode - Text - Visible to admin - Single Value.



Set values on custom attributes for a user:

  1. Go to Google Admin Console -> Users

  2. Select a user (Select a user that will be able to use SSO)

  3. Click on User Information.

  4. Edit the custom attributes you defined earlier:

    1. Set one of the following values on eduPersonScopedAffiliation to give the user a role:
      1. member@digiexam;employee@digiexam;staff@digiexam for admin
      2. member@digiexam;employee@digiexam;faculty@digiexam for teacher
      3. member@digiexam;employee@digiexam;faculty@digiexam;staff@digiexam for teacher and admin

    2. OR Set one or more of the following values on OrganizationRoles to give the user a role, multiple values are separated by semi-color ( ; ) :
      1. teacher
      2. admin
      3. accountManager

    3. (Optional) Set one or more unit codes on sisSchoolUnitCode to restrict access to specific schools in the organization hierarchy, multiple values are separated by semi-color ( ; ).

  5. Save 

    1. User_information_sheet.png


Setup the SAML app:

  1. Login to Google Admin Console -> Apps -> SAML Apps

  2. Press the add button in the bottom right corner

  3. Choose “Setup my own custom app”Step_1_of_5_Enable_SSO_for_SAML_Application.png

  4. Download the IDP Metadata file to your computerStep_2_of_5_Google_Idp_Information_1.2.png

  5. Press Next

  6. Fill in Basic Information

    1. Application Name: [Name]

    2. Description: (Optional)

    3. Logo:Pink_logomedium.png(Right click to save image)

    4. Press NextStep_3_of_5_Basic_Information_for_your_Custom_App.png

  7. Fill in Service Provider Details listed below (Step 4 of 5)

    1. ACS Url:

    2. Entity ID: 

    3. Start URL: 

    4. Signed Response: Leave unchecked
    5. Name ID: Basic Information -> Primary Email

    6. Name ID Format: PERSISTENTStep_4_of_5_Service_Provider_Details.png

    7. Press Next.

8. Setup Attributes mappings.

The Attributes need to be identical to either the Attribute name or the Urn name. See [Attributes Tables]Screen_Shot_2018-08-16_at_16.20.46.png


3. Setup the metadata on the DigiExam organization 

  1. Logging on and then select the role of account manager.
  2. Head into the Integrations tab and upload the IDP metadata.DigiExam_Web_SAML_1.1.png
  3. Specify a Unit code, this is the sisSchoolUnitCode

  4. If multiple DigiExam organisations use the same IDP they will need to be connected to an umbrella organisation, see Attribute table. This connection can only be set up by DigiExam staff.


4. Starting the App and login challenge

Starting the app

If you browse into your apps in google you should find DigiExam in the list. Click on it and it will take you to the login challenge for first-time use. 


Users that have registered accounts manually in DigiExam and then perform a Single Sign-On using SAML are challenged to enter their password once per organization to allow SSO. If they are connected to an umbrella organization they only need to sign on once and they get access to all underlying organizations.


The users only need to do this once and it is in place to prevent unauthorized access to user accounts by malicious identity providers.


Here you can find all the available docs or images for download.


Was this article helpful?
0 out of 0 found this helpful