SIRAS Single Sign-On (SSO) Configuration Guide
In your IdP’s admin console, create a custom SAML application for SIRAS.
- Google Workspace: Apps → Web and mobile apps → Add custom SAML app
- Microsoft Entra (Azure AD): Enterprise applications → New application → Create your own application
- OneLogin: Applications → Add App → SAML Custom Connector (or equivalent)
Tip: Start with your Training SIRAS URL for testing. After validation, update the same app to point to Production.
2. Required SIRAS URLs
Substitute the appropriate {server URL} for your SELPA/district.
EntityID
https://{server URL}/sso/metadata.jsf
Login URL / ACS URL / Recipient
https://{server URL}/sso/acs.jsf
Server URLs by Region
Region | Training | Production |
---|---|---|
VCOE SIRAS | https://sirastraining.vcoe.org | https://siras.vcoe.org |
Kern SIRAS | https://training.siras-kern.org | https://siras-kern.org |
Main (all other SELPAs) SIRAS | https://training.sirassystems.org | https://sirassystems.org |
Leave other SAML parameters (e.g., Sign-On URL, Logout URL) blank or at their defaults unless explicitly required by your IdP.
3. Provide Access for Users
SIRAS does not display a "Login with SSO" button on its homepage. Publish the SIRAS SSO application to your IdP’s user portal or dashboard (e.g., Google App Launcher, Microsoft “My Apps”). Users should launch SIRAS from that published app.
4. Provide IdP Metadata to SIRAS
Share the following values from your IdP with the SIRAS team (or configure in SIRAS if you have access):
- Entity ID URL
  - Google example: https://accounts.google.com/o/saml2?idpid=abc1234
  - Microsoft example: https://sts.windows.net/abc1234/
- Single Sign-On (SSO) Service URL
  - Google example: https://accounts.google.com/o/saml2/idp?idpid=abc1234
  - Microsoft example: https://login.microsoftonline.com/abc1234/saml2
- X.509 Certificate (Base64-encoded; usually a .pem file)
5. (Optional) Restrict Password Logins
Districts may choose to disable password-based logins in SIRAS after SSO is enabled. This requires all users to authenticate via SSO only.
6. Account and Email Requirements
- Each SIRAS user’s email must match their SSO account email.
- All user email addresses must belong to the domain configured for your district’s SSO (for example, @yourdistrict.edu).
7. Microsoft Entra / 365 Specific Notes
- Use Properties → User Access URL for the login link (typically begins with https://launcher.myapps.microsoft.com/)
- Provide SIRAS with the Certificate (Base64).
- Leave Sign-On URL blank (configure only Entity ID and Reply URL as applicable).
- Ensure an attribute/claim mapping for email exists (for example, emailaddress → user.mail).
- Assign users (or groups) to the SIRAS application as required by your tenant policies.
8. Additional Notes
- When SSO is used, SIRAS password reset requirements are not evaluated.
- Users may still be blocked by SIRAS policy if they have not logged in for an extended period.
- SSO login updates the last login date on the user account in SIRAS.
- Logging out of the IdP does not automatically log the user out of SIRAS. Normal SIRAS logout behavior and session timeouts still apply.
For more assistance, contact your SIRAS support representative.