(Swedish version is will be available at a later date)
If you encounter any problems or have any follow-up questions please contact us via our in-app chat or send us a support ticket through the support form found here: https://app.digiexam.com/app#/support
1. Attribute table
The following user attributes are supported by DigiExam.
Figure 1 (Click the image above or click here for bigger image)
*If no sisSchoolUnitCode is passed with the Login Response the user will have access to all organizations in the school organizational hierarchy.
**If no OrganizationRoles or eduPersonScopedAffiliation is passed with the Login Response the user is assumed to have student access.
2. G-suite setup example
Setup custom user attributes for roles and organizations:
If you do not have user attributes setup for Skolfederation you need to add custom attributes to grant school staff users access in DigiExam.
-
Login to Google Admin Console -> Users -> Manage custom attributes (top-right corner, see figure 2)
Figure 2 -
Add an attribute with name OrganizationRoles > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)
-
Add an attribute with name eduPersonScopedAffiliation > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)
- Add an attribute with name sisSchoolUnitCode > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)
Figure 3
Set values on custom attributes for a user:
-
Go to Google Admin Console -> Users
-
Select a user (Select a user that will be able to use SSO)
-
Click on User Information.
-
Edit the custom attributes you defined earlier.
- OrganizationRoles:
teacher
admin
accountManager - eduPersonScopedAffiliation:
member@digiexam;employee@digiexam;staff@digiexam = Admin
member@digiexam;employee@digiexam;faculty@digiexam = Teacher
member@digiexam;employee@digiexam;faculty@digiexam;staff@digiexam = Teacher and admin - sisSchoolUnitCode = differentiate users within the umbrella organization
- OrganizationRoles:
- SAVE.
Figure 4
Setup the SAML app:
-
Login to Google Admin Console -> Apps -> SAML Apps
-
Press the add button in the bottom right corner
-
Choose “Setup my own custom app”
Figure 6
-
Download the IDP Metadata file to your computer
Figure 7 -
Press Next
-
Fill in Basic Information
-
Application Name: [Name]
-
Description: (Optional)
-
Logo:
(Right click to save image)
-
Press Next
Figure 8 -
Fill in Service Provider Details listed below (Step 4 of 5)
-
Start URL: https://app.digiexam.com/app#/
(https://app-us.digiexam.com/app#/) For US customers.
- Signed Response: Leave unchecked
-
Name ID: Basic Information -> Primary Email
-
Name ID Format: PERSISTENT
Figure 9 -
Press Next.
8. Setup Attributes mappings.
The Attributes need to be identical to either the Attribute name or the Urn name. See [Attributes Tables]
Figure 11
3. Setup the metadata on the DigiExam organization
- Logging on https://app.digiexam.com/app#/login and then select the role of account manager.
- Head into the Integrations tab and upload the IDP metadata.
Figure 12 -
Specify a Unit code, this is the sisSchoolUnitCode
-
If multiple DigiExam organisations use the same IDP they will need to be connected to an umbrella organisation, see Attribute table. This connection can only be set up by DigiExam staff.
4. Starting the App and login challenge
Starting the app
If you browse into your apps in google you should find DigiExam in the list. Click on it and it will take you to the login challenge for first-time use.
Figure 13
Users that have registered accounts manually in DigiExam and then perform a Single Sign-On using SAML are challenged to enter their password once per organization to allow SSO. If they are connected to an umbrella organization they only need to sign on once and they get access to all underlying organizations.
Figure 14
The users only need to do this once and it is in place to prevent unauthorized access to user accounts by malicious identity providers.
Kommentarer