SAML Single Sign-On Implementation Guide

Single sign-on is a process that allows network users to access all authorized network resources without having to log in separately to each resource. Single sign-on allows you to validate usernames and passwords against your district user database or other client application rather than having separate user passwords managed by Classworks.

Classworks offers single sign-on by federated authentication using Security Assertion Markup Language (SAML) 2.0. When federated authentication is enabled, Classworks does not validate a user’s password. Instead, Classworks verifies an assertion in the HTTP POST request and allows single sign-on if the assertion is valid.

Because Classworks does not validate a user’s password, it uses the user’s login credentials from an external service provider to establish authentication credentials. When you have an external identity provider and configure single sign-on for your district, Classworks then acts as a service provider.

Federated authentication is not available for district-hosted customers. District-hosted customers should migrate to the Classworks cloud services option.

Benefits of Single Sign-On
  • Reduced Administrative Time: With single sign-on, users need to memorize only a single password to access both Classworks and their network resources or external applications. When accessing Classworks from inside the district network, users are logged in seamlessly, without being prompted to enter a username or password. When accessing Classworks from outside the network, users log in with their network login. With fewer passwords to manage, system administrators receive fewer requests to reset forgotten passwords.
  • Leverage Existing Technology Investment: Many districts use a central LDAP database to manage user identities. When Classworks authentication is delegated to this system, a user who is removed from the LDAP system can no longer access Classworks. Consequently, users who leave the district automatically lose access to district data after their departure.
  • Time Savings: On average, a user takes 5 to 20 seconds to log in to an online application; longer if they mistype their username or password and are prompted to reenter them. With single sign-on in place, the need to manually log in to Classworks is avoided.
  • Increased User Adoption: Due to the convenience of not having to log in, users are more likely to use Classworks on a regular basis.
  • Increased Security: Any password policies that you have established for your network will also be in effect for Classworks. In addition, sending an authentication credential that is only valid for a single use can increase security for users who have access to sensitive data.
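
The following is an added example, not Classworks code: a sketch of the checks a SAML 2.0 service provider applies to a POSTed assertion in addition to its signature, including the single-use (replay) check behind the "valid for a single use" point above. The entity ID, user name and helper names are constructed; signature verification is assumed to have been done first by a SAML library.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "https://sp.example.org/saml"  # constructed SP entity ID
_seen_ids = set()  # replay cache; a real SP keeps IDs until NotOnOrAfter passes

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_sample(assertion_id, audience):
    # Constructed, unsigned sample of the base64 SAMLResponse POST parameter.
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion ID="{assertion_id}">
    <saml:Subject><saml:NameID>student01@district.example</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

def check_assertion(saml_response_b64, now):
    """Return (accepted, NameID or rejection reason). Assumes the signature was verified."""
    # Production code should parse untrusted XML with a hardened parser.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return False, "expected exactly one assertion"
    a = assertions[0]
    cond = a.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return False, "missing validity window"
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "outside validity window"
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        return False, "wrong audience"
    aid = a.get("ID")
    if not aid or aid in _seen_ids:
        return False, "missing or replayed assertion ID"
    _seen_ids.add(aid)  # single use: the same assertion is rejected next time
    return True, a.findtext("saml:Subject/saml:NameID", namespaces=NS)
```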