Google Workspace setup

(Swedish version is will be available at a later date)

If you encounter any problems or have any follow-up questions please contact us via our in-app chat or send us a support ticket through the support form found here: https://app.digiexam.com/app#/support

1. Attribute table

The following user attributes are supported by DigiExam.

Screen_Shot_2018-08-16_at_16.20.46.pngFigure 1 (Click the image above or click here for bigger image)

*If no sisSchoolUnitCode is passed with the Login Response the user will have access to all organizations in the school organizational hierarchy.

**If no OrganizationRoles or eduPersonScopedAffiliation is passed with the Login Response the user is assumed to have student access.

2. Google Workspace setup example

Setup custom user attributes for roles and organizations:

If you do not have user attributes setup for Skolfederation you need to add custom attributes to grant school staff users access in DigiExam.

  1. Login to Google Admin Console -> Users -> Manage custom attributes (top-right corner, see figure 2)
    Figure 2

  2. Now we'll add some custom attributes, click on the "Add custom attribute" button in the top-right corner.
  3. Name the Category "DigiExam Integration" and description to "Attributes for the DigiExam Integration".    
  4. Add an attribute with name OrganizationRoles > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)

  5. Add an attribute with name eduPersonScopedAffiliation > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)

  6. Add an attribute with name sisSchoolUnitCode > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)

Figure 3

 Set values on custom attributes for a user:

  1. Go to Google Admin Console -> Users

  2. Select a user (Select a user that will be able to use SSO)

  3. Click on User Information.

  4. Edit the custom attributes you defined earlier.

    1. OrganizationRoles:

    2. eduPersonScopedAffiliation:
      member@digiexam;employee@digiexam;staff@digiexam = Admin
      member@digiexam;employee@digiexam;faculty@digiexam = Teacher
      member@digiexam;employee@digiexam;faculty@digiexam;staff@digiexam = Teacher and admin

    3. sisSchoolUnitCode = differentiate users within the umbrella organization 

  5. SAVE. 

Figure 4


Setup the SAML app:

  1. Login to Google Admin Console -> Apps -> SAML Apps

  2. Press the add button in the bottom right corner

  3. Choose “Setup my own custom app”Step_1_of_5_Enable_SSO_for_SAML_Application.pngFigure 6

  4. Download the IDP Metadata file to your computerStep_2_of_5_Google_Idp_Information_1.2.png
    Figure 7

  5. Press Next

  6. Fill in Basic Information

    1. Application Name: [Name]

    2. Description: (Optional)

    3. Logo:Pink_logomedium.png(Right click to save image)

    4. Press NextStep_3_of_5_Basic_Information_for_your_Custom_App.png
      Figure 8

  7. Fill in Service Provider Details listed below (Step 4 of 5)

    1. ACS Url: https://app.digiexam.com/api/v1/saml/login

    2. Entity ID: https://app.digiexam.com/api/v1/saml/metadata

    3. Start URL: https://app.digiexam.com/app#/ 

      (https://app-us.digiexam.com/app#/) For US customers.

    4. Signed Response: Leave unchecked
    5. Name ID: Basic Information -> Primary Email

    6. Name ID Format: PERSISTENTStep_4_of_5_Service_Provider_Details.png
      Figure 9

    7. Press Next.

8. Setup Attributes mappings.

The Attributes need to be identical to either the Attribute name or the Urn name. See [Attributes Tables]

Screen_Shot_2018-08-16_at_16.20.46.pngFigure 10

Figure 11

3. Setup the metadata on the DigiExam organization 

  1. Logging on https://app.digiexam.com/app#/login and then select the role of account manager.
  2. Head into the Integrations tab and upload the IDP metadata.DigiExam_Web_SAML_1.1.png
    Figure 12
  3. Specify a Unit code, this is the sisSchoolUnitCode

  4. If multiple DigiExam organisations use the same IDP they will need to be connected to an umbrella organisation, see Attribute table. This connection can only be set up by DigiExam staff.


4. Starting the App and login challenge

Starting the app

If you browse into your apps in google you should find DigiExam in the list. Click on it and it will take you to the login challenge for first-time use. 

Figure 13

Users that have registered accounts manually in DigiExam and then perform a Single Sign-On using SAML are challenged to enter their password once per organization to allow SSO. If they are connected to an umbrella organization they only need to sign on once and they get access to all underlying organizations.

Figure 14

The users only need to do this once and it is in place to prevent unauthorized access to user accounts by malicious identity providers.


Var denna artikel till hjälp?
0 av 0 tyckte detta var till hjälp