Single sign on (SSO) can be connected to SIRAS from a Google or OneLogin workspace with the following procedure:
1. In the Google Workspace or OneLogin, a new SIRAS "app" will need to be created. (Add App > Add custom SAML app)
Parameters for the app should be setup initially to connect to https://training.sirassystems.org for testing purposes. Once testing is complete we will reconfigure this for production. For siras-kern.org or siras.vcoe.org users use those training or production URLs accordingly.
EntityID
https://training.sirassystems.org/sso/metadata.jsf
Login URL / ACS URL / Recipient
https://training.sirassystems.org/sso/acs.jsf
Logout URL
https://training.sirassystems.org/sso/logout.jsf
2. SIRAS does not currently provide a SSO link on its home page. A new button should be added to the Google or OneLogin workspace, which will connect to the SIRAS URL with the correct parameters needed for SSO.
3. SIRAS needs to be configured with parameters from the app
EntityID URL (e.g. https://accounts.google.com/o/saml2?idpid=1234)
Single Sign On Service URL (e.g. same as above)
X509 Certificate (this is a encrypted certificate key file which, usually .pem, which SIRAS will use to trust the SSO provider)
Email Address domain configuration. SIRAS users who will use your SSO need to have the same email address domain(s). (e.g. "@vcoe.edu"). The domain will be used to match the login with the correct parameters for different districts.
4. Limiting password access. If desired we can then disable password-based access to SIRAS for the district, requiring the use of SSO instead.