How can I set up SSO between my school and Grok?

Grok Academy supports SAML2 for SSO. Most mainstream Identity Providers support SAML2. The largest providers are Azure AD (Microsoft), ADFS (Microsoft), and G Suite (Google). If your institution has a way to provide SAML2 access, our SSO team can help you set up SSO to Grok.

The following documentation is designed for system/network/IAM administrators.

If you have any questions about any of the following, please contact our SSO team at

The process for setting up SSO is as follows:

  1. Create the SAML2 application/integration/config in your Identity Provider
  2. Contact the Grok SSO team at, providing:
    1. your metadata URL(s)
    2. the SAML attributes you've configured
    3. a high-resolution image of your school's crest/logo (preferably in .png) to be listed on
  3. Once the necessary changes have been made by the Grok SSO team, test the integration on our staging server (staging server details will be provided by the Grok SSO team).
  4. Your integration is then deployed to production.
  5. Test it again on production as a sanity check.

When setting up SSO to Grok, you will first be asked to set up an SSO connection to the Grok staging environment, so that the Grok SSO team can check that your integration is working as expected. Once they've given you the green light, you will then be asked to add another integration to the Grok production environment. You won't be able to access production until the SSO team has approved the integration in staging.

Minimum requirements for SAML2 SSO

In order for your institution to be able to do SAML2 SSO with Grok, your Identity system must fulfil the following requirements:

  • Each user must have a name and an email address.
  • You must have a way to distinguish between students and teachers. This could be based on group membership, based on email domain, or something else.
  • You must have a way to identify the scholastic year of students, that's consistent across time (e.g. this particular group ID or field will always indicate that the incoming student is in grade 10).

If these things are true, and you have a way to provide SAML2 SSO, then you should be right to set up SSO to Grok.
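
One way to check a test assertion from your Identity Provider against the requirements above before you send your attribute list to the SSO team. This is an added example, not Grok's code: the attribute names (`displayName`, `mail`, `groups`), the group values and the helper `sample_assertion` are assumptions for illustration, and the sample assertions are constructed.

```python
import xml.etree.ElementTree as ET  # fine for your own IdP's test output, not for untrusted XML

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed names and values (not specified by Grok): replace them with
# whatever your Identity Provider actually releases.
NAME_ATTR, EMAIL_ATTR, GROUP_ATTR = "displayName", "mail", "groups"
TEACHER_GROUP = "staff-teachers"
YEAR_GROUPS = {f"students-year-{n}": n for n in range(3, 13)}

def read_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs

def check_minimum_requirements(assertion_xml):
    """Return a list of problems; an empty list means all requirements are met."""
    attrs = read_attributes(assertion_xml)
    problems = []
    if not attrs.get(NAME_ATTR):
        problems.append("missing name")
    email = (attrs.get(EMAIL_ATTR) or [""])[0]
    if "@" not in email:
        problems.append("missing email address")
    groups = set(attrs.get(GROUP_ATTR, []))
    is_teacher = TEACHER_GROUP in groups
    years = sorted(YEAR_GROUPS[g] for g in groups if g in YEAR_GROUPS)
    if is_teacher and years:
        problems.append("user is both teacher and student")
    elif not is_teacher and not years:
        problems.append("cannot tell student from teacher")
    elif len(years) > 1:
        problems.append(f"ambiguous scholastic year: {years}")
    return problems

def sample_assertion(attrs):
    """Build a constructed, unsigned assertion fragment for testing only."""
    body = "".join(
        f'<saml:Attribute Name="{name}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>" for name, vals in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f"<saml:AttributeStatement>{body}</saml:AttributeStatement></saml:Assertion>")

BASE = {"displayName": ["Sam Lee"], "mail": ["sam.lee@school.example"]}
STUDENT = sample_assertion({**BASE, "groups": ["students-year-10", "library"]})
NO_ROLE = sample_assertion({**BASE, "groups": ["library"]})
```

Run it over an assertion for one student and one teacher account; any non-empty result points at an attribute to fix in the Identity Provider before contacting the SSO team.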

Setting up SAML2 SSO

To set up the integration with your Identity Provider, you will need our SAML2 metadata XML. We provide two sets of metadata XMLs: one for staging and one for production. Please begin with the staging metadata and switch to the production metadata only after being instructed by our Grok staff.

You can find our SAML2 metadata at the following URLs:

Please follow one of the following guides for setting up SAML2 SSO.

Note that these guides are aimed at single-school integrations. If you are providing SSO for more than a single school (e.g. you're a state Department of Education), please contact our SSO team to discuss how to send through school identifiers for your jurisdiction.

Guides for setting up SAML2 SSO
