Single sign-on (SSO) can be connected to SIRAS user logins via a Google, OneLogin, or other SSO workspace with the following procedure:
1. In the SSO Provider Workspace (Google workspace admin), a new SIRAS "app" will need to be created. (Add App > Add custom SAML app)
Parameters for the app should initially be set up to connect to the Training Server URL for testing purposes. Once testing is complete, we will reconfigure this for production.
Substitute the appropriate URL below.
- VCOE Siras - Training: https://sirastraining.vcoe.org - Production: https://siras.vcoe.org
- Kern Siras - Training: https://training.siras-kern.org - Production: https://siras-kern.org
- Main (all other SELPAs) Siras - Training: https://training.sirassystems.org - Production: https://sirassystems.org
EntityID
https://training.sirassystems.org/sso/metadata.jsf
Login URL / ACS URL / Recipient
https://training.sirassystems.org/sso/acs.jsf
Logout URL
https://training.sirassystems.org/sso/logout.jsf
2. A button for this "app" should be added to the SSO Workspace, which will connect users to the SIRAS URL with the correct parameters needed for SSO. Users will need to access this button via the workspace or other district-provided area. Siras does not provide a "Login with SELPA/district X SSO" login page or button, due to the requirement to support many different providers and workspaces.
3. SIRAS needs to be configured with these parameters:
- EntityID URL (e.g. https://accounts.google.com/o/saml2?idpid=1234)
- Single Sign On Service URL (e.g. same as above)
- X509 Certificate (this is an encrypted certificate key file, usually .pem, which SIRAS will use to trust the SSO provider)
- Domain name
4. Limiting password access option. If desired, we can then disable password-based access to SIRAS for the district, requiring the use of SSO instead.
Requirements:
- SIRAS user must have the same email address as the Google/365/OneLogin account.
- All email addresses must belong to the domain which we have configured to correspond to the credentials. (e.g. "@sirassystems.com")
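
A pre-flight check a district could run before asking for password access to be disabled (step 4), so that no user is locked out by the two requirements above. This is an added example, not SIRAS code: the function names, the `district.example` domain and the sample addresses are constructed, and it assumes addresses are compared case-insensitively and that subdomains do not count as the configured domain.

```python
# Added example (not SIRAS code): find users who would fail the two
# requirements above if password logins were disabled. Sample data is constructed.

def normalize(email):
    """Trim and lower-case (assumption: matching is case-insensitive)."""
    return email.strip().lower()

def email_domain(email):
    """Return the part after the last '@', or None if the address is malformed."""
    local, sep, domain = normalize(email).rpartition("@")
    return domain if sep and local and domain else None

def sso_readiness(siras_emails, idp_emails, sso_domain):
    """Sort SIRAS addresses into ready / wrong_domain / no_idp_account / malformed."""
    sso_domain = sso_domain.strip().lower().lstrip("@")
    idp = {normalize(e) for e in idp_emails}
    report = {"ready": [], "wrong_domain": [], "no_idp_account": [], "malformed": []}
    for raw in siras_emails:
        domain = email_domain(raw)
        if domain is None:
            report["malformed"].append(raw)
        elif domain != sso_domain:
            # Exact match only: a suffix or substring test would also accept
            # look-alike domains and subdomains that were never configured.
            report["wrong_domain"].append(raw)
        elif normalize(raw) not in idp:
            report["no_idp_account"].append(raw)
        else:
            report["ready"].append(raw)
    return report

def safe_to_disable_passwords(report):
    """True only when every SIRAS user can sign in through SSO."""
    return not (report["wrong_domain"] or report["no_idp_account"]
                or report["malformed"])

# Constructed sample exports: SIRAS users and SSO workspace accounts.
SIRAS_USERS = ["Teacher.One@district.example", "aide@mail.district.example",
               "nurse@district.example.org", "psych@district.example", "no-at-sign"]
IDP_USERS = ["teacher.one@district.example"]

if __name__ == "__main__":
    result = sso_readiness(SIRAS_USERS, IDP_USERS, "@district.example")
    for bucket, users in result.items():
        print(f"{bucket}: {users}")
    print("safe to disable passwords:", safe_to_disable_passwords(result))
```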