If you encounter any problems or have any follow-up questions, please contact us via our in-app chat or send us an email.
- Attribute table
- Upload the metadata on the Digiexam organization
- Starting the App and login challenge
1. Attribute table
The following user attributes are supported by Digiexam (for a larger image, right-click the image and open it in a new tab; a PDF file is available at the bottom of the guide):
Figure 1
*If no sisSchoolUnitCode is passed with the Login Response, the user will have access to all organizations in the school organizational hierarchy.
**If no OrganizationRoles or eduPersonScopedAffiliation is passed with the Login Response, the user is assumed to have student access.
2. Google Workspace setup example
Set up custom user attributes for roles and organizations:
If you do not have user attributes set up for Skolfederation, you need to add custom attributes to grant school staff users access in Digiexam.
2.1. Manage custom attributes
1. Log in to Google Admin Console → Directory → Users → More → Manage custom attributes (figure 2).
Figure 2
2. Add the attributes below that you need, depending on which attributes you will send to Digiexam:
   - Name: OrganizationRoles
     Info type: Text
     Visibility: Visible to users and admin
     No. of values: Single Value or Multi-value (Digiexam supports both)
   - Name: sisSchoolUnitCode
     Info type: Text
     Visibility: Visible to users and admin
     No. of values: Single Value or Multi-value (Digiexam supports both)
   - Name: eduPersonScopedAffiliation (Skolfederation only)
     Info type: Text
     Visibility: Visible to users and admin
     No. of values: Single Value or Multi-value (Digiexam supports both)
Figure 3
2.2. Set values on custom attributes for a user
1. Go to Google Admin Console → Users.
2. Select a user that will be able to use SSO.
3. Click on the section User Information.
4. Edit the custom attributes you defined earlier:
   - Set one of the following values on eduPersonScopedAffiliation to give the user a role:
     - Admin: member@digiexam;employee@digiexam;staff@digiexam
     - Teacher: member@digiexam;employee@digiexam;faculty@digiexam
     - Teacher and admin: member@digiexam;employee@digiexam;faculty@digiexam;staff@digiexam
   OR
   - Set one or more of the following values on OrganizationRoles to give the user a role; multiple values are separated by a semicolon (;):
     - teacher
     - admin
     - accountManager
   - (Optional) Set one or more unit codes on sisSchoolUnitCode to restrict access to specific schools in the organization hierarchy; multiple values are separated by a semicolon (;).
5. Click on Save.
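The role values in 2.2 and the two footnotes under the attribute table determine what a user can reach, so it is worth checking them per user before rollout. The following is an added example, not Digiexam code: the record layout, emails and unit codes are constructed, and it assumes that an unrecognised value grants no role and that roles from both attributes are combined.

```python
# Added example (not Digiexam code): audit users against the attribute rules in this guide.
ORG_ROLES = {"teacher", "admin", "accountManager"}
# Affiliation values from section 2.2 and the role each one adds (none for member/employee).
AFFILIATIONS = {"member@digiexam": None, "employee@digiexam": None,
                "faculty@digiexam": "teacher", "staff@digiexam": "admin"}

def split_values(raw):
    """Accept a single semicolon-separated string or a multi-value list."""
    if raw is None:
        return []
    items = raw if isinstance(raw, (list, tuple)) else [raw]
    return [part.strip() for item in items for part in str(item).split(";") if part.strip()]

def audit_user(user):
    """Return the roles and unit scope the guide's rules imply, plus findings to review."""
    roles, findings = set(), []
    for value in split_values(user.get("OrganizationRoles")):
        if value in ORG_ROLES:
            roles.add(value)
        else:  # assumption: an unrecognised value grants nothing
            findings.append(f"unrecognised OrganizationRoles value {value!r}")
    for value in split_values(user.get("eduPersonScopedAffiliation")):
        if value not in AFFILIATIONS:
            findings.append(f"unrecognised eduPersonScopedAffiliation value {value!r}")
        elif AFFILIATIONS[value]:
            roles.add(AFFILIATIONS[value])
    units = split_values(user.get("sisSchoolUnitCode"))
    if not roles:
        roles.add("student")  # footnote **: no role attribute means student access
        findings.append("no valid role attribute: treated as student")
    if not units:  # footnote *: no unit code means every organization in the hierarchy
        scope = "staff" if roles != {"student"} else "student"
        findings.append(f"{scope} user without sisSchoolUnitCode: all organizations")
    return {"email": user["email"], "roles": sorted(roles), "units": units, "findings": findings}

# Constructed sample records; emails, unit codes and the dict layout are hypothetical.
SAMPLE_USERS = [
    {"email": "alice@example.edu", "OrganizationRoles": "teacher;admin", "sisSchoolUnitCode": "12345678"},
    {"email": "bob@example.edu", "eduPersonScopedAffiliation": "member@digiexam;employee@digiexam;staff@digiexam"},
    {"email": "carol@example.edu", "OrganizationRoles": ["Teacher"], "sisSchoolUnitCode": ["111", "222"]},
    {"email": "dave@example.edu"},
]

if __name__ == "__main__":
    for record in SAMPLE_USERS:
        result = audit_user(record)
        print(result["email"], result["roles"], result["units"] or "ALL", result["findings"])
```

Staff accounts reported without a unit code are the ones to review first, since they combine an elevated role with access to every organization in the hierarchy.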
2.3. Set up the SAML app:
1. Log in to Google Admin Console → Apps → Overview → Web and mobile apps.
2. Press the button Add app in the top-menu bar.
3. Choose Add custom SAML app (figure 5).
Figure 5
4. Add App name and upload an App icon, preferably the Digiexam logo:
(Right click to save image)
5. Then, click on Continue.
6. Click on Download metadata and then click on Continue.
7. Fill in Service Provider Details listed below (example, figure 6):
   - ACS URL:
     EU: https://app.digiexam.com/api/v1/saml/login
     US: https://app-us.digiexam.com/api/v1/saml/login
   - Entity ID:
     EU: https://app.digiexam.com/api/v1/saml/metadata
     US: https://app-us.digiexam.com/api/v1/saml/metadata
   - Start URL:
     EU: https://app.digiexam.com/app#/
     US: https://app-us.digiexam.com/app#/
   - Signed Response: Leave unchecked
   - Name ID: PERSISTENT
   - Name ID Format: Basic Information → Primary Email
8. Press Continue.
Figure 6
9. Set up attribute mapping:
   - Click on the Add mapping button and see figure 7 for example.
   Figure 7
   - The Attributes need to be identical to either the Attribute name or the Urn name (figure 8).
   Figure 8
3. Upload the metadata on the Digiexam organization
1. Log in to Digiexam and select the Account Manager role.
2. Click on Organization → Integrations → Enable SAML integration (see figure 9) and upload the IDP metadata that was downloaded earlier in step 2.3.6 (the metadata file can be downloaded again if needed, see step 5 below).
Figure 9
3. If unit codes are used, add unit codes (sisSchoolUnitCode) to all organizations except for the organization that the IDP metadata file is uploaded to.
4. If multiple Digiexam organizations use the same IDP, they will need to be connected to an umbrella organization (see the Attribute table). This connection can only be set up by Digiexam staff; please contact Digiexam support if this is the case.
5. To download the metadata again, in the Google admin console, go to:
Apps → Web and mobile apps → [Your Digiexam app] → Download metadata
Figure 10
4. Starting the App and login challenge
4.1. Starting the app
In Google, open apps and you should find Digiexam in the list (figure 11). Click on it, and it will take you to the login challenge for first-time use.
Figure 11
4.2. Login challenge
Users who have registered accounts manually in Digiexam and then perform a Single Sign-On using SAML are challenged to enter their Digiexam password once per organization to allow SSO. If they are connected to an umbrella organization, they only need to sign on once; after that they get access to all underlying organizations. This challenge is in place to prevent unauthorized access to user accounts by malicious identity providers.
Figure 12