SAML SSO - I'm using another system
Before you read these instructions, make sure you've read our guide: How can I setup SSO between my school and Grok?
The information below is designed to help you set up SAML2 SSO if your identity system is something other than Azure AD. If you are using Azure AD, go back to the FAQ above and select "I'm using Azure AD" instead.
Guide for setting up SAML2 SSO: using another identity provider
As described in our metadata, these are the SAML attributes we're set up to receive from other SAML2 identity providers:
| SAML2 attribute name | Description |
| --- | --- |
| gn (required) | The given name (first name) of the user. |
| sn (required) | The surname (last name) of the user. |
|  | The common name (full name) of the user. |
| mail (required) | The email address of the user. This is assumed to be unique over time. |
|  | The username of the user within your Identity Provider. This is assumed to be unique over time. This attribute is mostly applicable to universities. |
| guid (recommended) | The transparent primary key of the user within your Identity Provider. This is assumed to never change over time and is guaranteed to be unique. |
|  | A multi-valued attribute that allows Grok to accept incoming groups. The SSO team can configure SSO to extract information from and/or use the group names to map to other attributes. "Class of 2029" |
| yearLevel (recommended) | For students, their current scholastic year as a number between 0 and 13, inclusive. |
|  | For students, the calendar year that will be their final year of schooling (their graduation year). |
|  | Either "student" or "staff", informing Grok whether the incoming user is a "Student" or "Teacher". |
You will need to set up your SAML configuration to provide a subset of these values. If you're not sure where to start, we'd prefer that you populate the 'recommended' attributes, which will guarantee we have sufficient information to allow both students and teachers to be correctly configured.
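Before sending a test login, you can check what your identity provider releases against the attributes named above. The following Python check is an added example, not Grok's own code: it assumes each attribute arrives with its `Name` set to exactly the name listed in the table, the sample AttributeStatement is constructed, and it does no signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("gn", "sn", "mail")        # marked "(required)" on this page
RECOMMENDED = ("guid", "yearLevel")    # marked "(recommended)" on this page

# Constructed sample: an AttributeStatement as an IdP test tool might show it.
# Only parse XML produced by your own IdP here; this is not a signature check.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="gn"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="sn"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="mail"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="yearLevel"><saml:AttributeValue>Year 9</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""


def read_attributes(xml_text):
    """Return {attribute name: [non-empty values]} from SAML attribute XML."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_release(xml_text):
    """Return (errors, warnings) for the attributes this page names."""
    attrs = read_attributes(xml_text)
    errors = ["missing or empty required attribute: " + n for n in REQUIRED if not attrs.get(n)]
    warnings = ["missing recommended attribute: " + n for n in RECOMMENDED if not attrs.get(n)]
    for value in attrs.get("yearLevel", []):
        # The page defines yearLevel as a number between 0 and 13, inclusive.
        if not (value.isascii() and value.isdigit() and 0 <= int(value) <= 13):
            errors.append("yearLevel not a number in 0..13: " + repr(value))
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_release(SAMPLE)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```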
Contact our SSO team at firstname.lastname@example.org for further instructions.