Use Active Directory with SAML 2.0

Josh Portillo

Customer Support

For Remind Hub Premium administrators.

Enable SAML 2.0 for your district to allow your community members to quickly access their Remind account by logging in with your identity provider.

This article contains the following sections:

Prerequisite
Share district information
Resource

Prerequisite

Your organization must be using Active Directory to manage its user data.

You must have completed an SIS sync to create accounts for your community.

Your organization must host a portal page that your members can use to log in to the organization's managed applications.

Share district information

To integrate with your Active Directory using SAML 2.0, please reach out to your Customer Success Manager and ask them to send you the SAML Information form so you can submit the following information:
1. idp_identity_id
  - This is the string that the IDP will send us identifying themselves.
  - Example: https://sts.windows.net/(example-uuid)/
2. idp_sso_service_url
  - This URL will be used for Service Provider (US) initiated SSO.
  - Example: https://login.microsoftonline.com/(example-uuid)/saml2
3. idp_cert
  - This is the ASCII-armor encoded certificate used to validate the SAML document the IDP sends us on login.
4. A list of the attribute statement keys you'll send over. They must include at least the following information:
  - UID:
    - This should be a unique identifier in their system for a specific user. It can be a GUID, an ID number, and an email. It’s used to associate the SAML identity with the user on the first login.
    - Example: http://schemas.microsoft.com/identity/claims/objectidentifier
  - first_name
    - This is usually given as ‘givenname’ in your attribute list.
    - Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  - last_name
    - This is usually given as ‘surname’ in your attribute list
    - Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  - email
    - It should be the email address associated with the user’s account they are rostered under.
    - Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
In return, we will share the following information:
- ACS URL - This is the URL the user will call to our API to initiate the Identity provider-initiated SSO login.
- SP Identity ID - This unique name represents us to the IdentityProvider.
Your Customer Success Manager will follow up with you about the next steps.

Resource

We recommend you read this article to learn more about SAML and its benefits.

Was this article helpful?

Yes No

1 out of 2 found this helpful

Use Active Directory with SAML 2.0

Josh Portillo

Customer Support

For Remind Hub Premium administrators.

Enable SAML 2.0 for your district to allow your community members to quickly access their Remind account by logging in with your identity provider.

This article contains the following sections:

Prerequisite
Share district information
Resource

Prerequisite

Your organization must be using Active Directory to manage its user data.

You must have completed an SIS sync to create accounts for your community.

Your organization must host a portal page that your members can use to log in to the organization's managed applications.

Share district information

To integrate with your Active Directory using SAML 2.0, please reach out to your Customer Success Manager and ask them to send you the SAML Information form so you can submit the following information:
1. idp_identity_id
  - This is the string that the IDP will send us identifying themselves.
  - Example: https://sts.windows.net/(example-uuid)/
2. idp_sso_service_url
  - This URL will be used for Service Provider (US) initiated SSO.
  - Example: https://login.microsoftonline.com/(example-uuid)/saml2
3. idp_cert
  - This is the ASCII-armor encoded certificate used to validate the SAML document the IDP sends us on login.
4. A list of the attribute statement keys you'll send over. They must include at least the following information:
  - UID:
    - This should be a unique identifier in their system for a specific user. It can be a GUID, an ID number, and an email. It’s used to associate the SAML identity with the user on the first login.
    - Example: http://schemas.microsoft.com/identity/claims/objectidentifier
  - first_name
    - This is usually given as ‘givenname’ in your attribute list.
    - Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  - last_name
    - This is usually given as ‘surname’ in your attribute list
    - Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  - email
    - It should be the email address associated with the user’s account they are rostered under.
    - Example: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
In return, we will share the following information:
- ACS URL - This is the URL the user will call to our API to initiate the Identity provider-initiated SSO login.
- SP Identity ID - This unique name represents us to the IdentityProvider.
Your Customer Success Manager will follow up with you about the next steps.

Resource

We recommend you read this article to learn more about SAML and its benefits.

Was this article helpful?

Yes No

1 out of 2 found this helpful

Reach out to us directly

Still can’t find what you’re looking for? Send us a message and
we’ll get back to you as soon as possible.

Prerequisite

Share district information

Resource

Related articles

Related articles

Prerequisite

Share district information

Resource

Related articles

Reach out to us directly