Follow

Google Workspace setup

If you encounter any problems or have any follow-up questions, please contact us via our in-app chat or submit a support ticket through the support tab.

 

  1. Attribute table

  2. Google Workspace setup example

    1. Manage custom attributes

    2. Set values on custom attributes for a user

    3. Set up the SAML app

  3. Set up the metadata on the DigiExam organization 

  4. Starting the App and login challenge
    1. Starting the app

    2. Login challenge


 

1. Attribute table

The following user attributes are supported by DigiExam (for a bigger size image, right-click and open the image in a new tab. PDF-file at the bottom of the guide):

Attribute_table.png
Figure 1

 

*If no sisSchoolUnitCode is passed with the Login Response, the user will have access to all organizations in the school organizational hierarchy.

**If no OrganizationRoles or eduPersonScopedAffiliation is passed with the Login Response, the user is assumed to have student access. 

 



2. Google Workspace setup example

Set up custom user attributes for roles and organizations:

If you do not have user attributes set up for Skolfederation, you need to add custom attributes to grant school staff users access in DigiExam.

 

2.1. Manage custom attributes

  1. Login to Google Admin ConsoleUsersMoreManage custom attributes (figure 2).

    Manage_custom_attributes.png
    Figure 2

     

  2. In the top-right corner, click on Add custom attribute.

    1. Add Category and Description.
    2. Add the attributes below that you need, depending on which attributes you will send to DigiExam:

      • Name: OrganizationRoles
        Info type: Text
        Visibility: Visible to admin
        No. of values: Single Value or Multi-value (DigiExam supports both)

      • Name: sisSchoolUnitCode
        Info type: Text
        Visibility: Visible to admin
        No. of values: Single Value or Multi-value (DigiExam supports both)

      • Name: eduPersonScopedAffiliation (Skolfederation only)
        Info type: Text
        Visibility: Visible to admin
        No. of values: Single Value or Multi-value (DigiExam supports both)

Add_custom_attributes.png

Figure 3



2.2. Set values on custom attributes for a user:

  1. Go to Google Admin ConsoleUsers

  2. Select a user (Select a user that will be able to use SSO)

  3. Click on User Information.

  4. Edit the custom attributes you defined earlier:

    1. Set one of the following values on eduPersonScopedAffiliation to give the user a role:
    2. Set one or more of the following values on OrganizationRoles to give the user a role, multiple values are separated by semi-colon (;):
          1. teacher
          2. admin
          3. accountManager

        1. (Optional) Set one or more unit codes on sisSchoolUnitCode to restrict access to specific schools in the organization hierarchy, multiple values are separated by semi-colon (;).

  5. Save 

User_information_sheet.png
Figure 4

 



2.3. Set up the SAML app:

  1. Login to Google Admin ConsoleAppsOverviewWeb and mobile apps

  2. Press the button Add app in the top-menu bar

  3. Choose Add custom SAML app (figure 5)

    Add_custom_SAML_app.png
    Figure 5


  4. Add App name and upload an App icon, preferably the DigiExam logo:
    Pink_logomedium.png(Right click to save image)

  5. Then, click on Continue.

  6. Download the IDP Metadata file to your computer and click on Continue.

  7. Fill in Service Provider Details listed below (example, figure 6)

    1. ACS URL:
      EU: https://app.digiexam.com/api/v1/saml/login
      US: https://app-us.digiexam.com/api/v1/saml/login

    2. Entity ID: 
      EU: https://app.digiexam.com/api/v1/saml/metadata
      US: https://app-us.digiexam.com/api/v1/saml/metadata

    3. Start URL: 
      EU: https://app.digiexam.com/app#/ 
      US: https://app-us.digiexam.com/app#/

    4. Signed Response: Leave unchecked
    5. Name ID: PERSISTENT

    6. Name ID Format: Basic Information → Primary Email

    7. Press Continue
      service_provider_details.png
      Figure 6


    8. Set up attribute mapping
      1. Click on Add mapping (example, figure 8).

The Attributes need to be identical to either the Attribute name or the Urn name (figure 7).

Screen_Shot_2018-08-16_at_16.20.46.png
Figure 7

 

attribute_mapping.png
Figure 8

 

 


 

3. Set up the metadata on the DigiExam organization 

  1. Log in on https://app.digiexam.com/app#/login and select the Account Manager role.
  2. Click on Organization →  IntegrationsEnable SAML integration and upload the IDP metadata that was downloaded earlier (figure 9).
    (If the metadata file can be downloaded again, go to step 5) 

    Upload_Metadata.png
    Figure 9
  3. If unit codes are used, add unit codes (sisSchoolUnitCode) to all organizations except for the organization that the IDP metadata file is uploaded to.

  4. If multiple DigiExam organizations use the same IDP, they will need to be connected to an umbrella organization (Attribute table). This connection can only be set up by DigiExam staff, please contact DigiExam support, if this is the case.

  5. To download the metadata again:
    Apps Web and mobile apps → [Your DigiExam app] → Download metadata
    download_metadata.png
    Figure 10

 


 

4. Starting the App and login challenge

4.1. Starting the app

In Google, open apps and you should find DigiExam in the list (figure 11). Click on it, and it will take you to the login challenge for first-time use.

Login_app.png
Figure 11

 

4.2. Login challenge

Users that have registered accounts manually in DigiExam and then perform a Single Sign-On using SAML, are challenged to enter their DigiExam-password once per organization to allow SSO. If they are connected to an umbrella organization, they only need to sign on once, thereafter they get access to all underlying organizations. It is in place to prevent unauthorized access to user accounts by malicious identity providers.

DigiExam_Web_SAML_4.png
Figure 12



 


 

Was this article helpful?
0 out of 0 found this helpful

Comments