(Swedish version is will be available at a later date)
This is not a fully complete version of the guide, if you encounter any problems or have any follow-up questions please contact us via our in-app chat or submit a support ticket through the support tab https://app.digiexam.com/app#/support.
1. Attribute table
The following user attributes are supported by DigiExam.
*If no sisSchoolUnitCode is passed with the Login Response the user will have access to all organizations in the school organizational hierarchy.
**If no OrganizationRoles or eduPersonScopedAffiliation is passed with the Login Response the user is assumed to have student access.
2. G-suite setup example
Setup custom user attributes for roles and organizations:
If you do not have user attributes setup for Skolfederation you need to add custom attributes to grant school staff users access in DigiExam.
Login to Google Admin Console -> Users -> Manage custom attributes (top-right corner, see figure 2)
Add an attribute with name OrganizationRoles > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)
Add an attribute with name eduPersonScopedAffiliation > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)
- Add an attribute with name sisSchoolUnitCode > Text > Visible to admin > Choose "Single Value" or "Multi Value" (both single value and multi value is supported)
Set values on custom attributes for a user:
Go to Google Admin Console -> Users
Select a user (Select a user that will be able to use SSO)
Click on User Information.
Edit the custom attributes you defined earlier.
member@digiexam;employee@digiexam;staff@digiexam = Admin
member@digiexam;employee@digiexam;faculty@digiexam = Teacher
member@digiexam;employee@digiexam;faculty@digiexam;staff@digiexam = Teacher and admin
- sisSchoolUnitCode = differentiate users within the umbrella organization
Setup the SAML app:
Login to Google Admin Console -> Apps -> SAML Apps
Press the add button in the bottom right corner
Choose “Setup my own custom app”Figure 6
Download the IDP Metadata file to your computer
Fill in Basic Information
Application Name: [Name]
Logo:(Right click to save image)
Fill in Service Provider Details listed below (Step 4 of 5)
Start URL: https://app.digiexam.com/app#/
(https://app-us.digiexam.com/app#/) For US customers.
- Signed Response: Leave unchecked
Name ID: Basic Information -> Primary Email
Name ID Format: PERSISTENT
8. Setup Attributes mappings.
The Attributes need to be identical to either the Attribute name or the Urn name. See [Attributes Tables]
3. Setup the metadata on the DigiExam organization
- Logging on https://app.digiexam.com/app#/login and then select the role of account manager.
- Head into the Integrations tab and upload the IDP metadata.
Specify a Unit code, this is the sisSchoolUnitCode
If multiple DigiExam organisations use the same IDP they will need to be connected to an umbrella organisation, see Attribute table. This connection can only be set up by DigiExam staff.
4. Starting the App and login challenge
Starting the app
If you browse into your apps in google you should find DigiExam in the list. Click on it and it will take you to the login challenge for first-time use.
Users that have registered accounts manually in DigiExam and then perform a Single Sign-On using SAML are challenged to enter their password once per organization to allow SSO. If they are connected to an umbrella organization they only need to sign on once and they get access to all underlying organizations.
The users only need to do this once and it is in place to prevent unauthorized access to user accounts by malicious identity providers.