For Remind Hub Premium administrators.
Enable SAML 2.0 for your district to allow your community members to quickly access their Remind account by logging in with your identity provider.
This article contains the following sections:
Prerequisite
Your organization must be using Active Directory to manage its user data.
You must have completed an SIS sync to create accounts for your community.
Your organization must host a portal page that your members can use to log in to the organization's managed applications.
Share district information
- To integrate with your Active Directory using SAML 2.0, please reach out to your Customer Success Manager and ask them to send you the SAML Information form so you can submit the following information:
-
idp_identity_id
- This is the string that the IDP will send us identifying themselves.
- Example: https://sts.windows.net/(example-uuid)/
-
idp_sso_service_url
- This URL will be used for Service Provider (US) initiated SSO.
- Example: https://login.microsoftonline.com/(example-uuid)/saml2
-
idp_cert
- This is the ASCII-armor encoded certificate used to validate the SAML document the IDP sends us on login.
-
A list of the attribute statement keys you'll send over. They must include at least the following information:
-
UID:
- This should be a unique identifier in their system for a specific user. It can be a GUID, an ID number, and an email. It’s used to associate the SAML identity with the user on the first login.
- Example: http://schemas.microsoft.com/identity/claims/objectidentifier
-
first_name
- This is usually given as ‘givenname’ in your attribute list.
- Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
-
last_name
- This is usually given as ‘surname’ in your attribute list
- Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
-
email
- It should be the email address associated with the user’s account they are rostered under.
- Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
-
UID:
-
idp_identity_id
-
In return, we will share the following information:
- ACS URL - This is the URL the user will call to our API to initiate the Identity provider-initiated SSO login.
- SP Identity ID - This unique name represents us to the IdentityProvider.
- Your Customer Success Manager will follow up with you about the next steps.
Resource
We recommend you read this article to learn more about SAML and its benefits.