How to Configure SAML2 Login Settings

This article applies to the following role permissions: ConexED Administrator

This guide provides step-by-step instructions to configure the SAML2 login settings. These steps are designed to be self-service, allowing ConexED Admins to easily configure SAML2 authentication for their institution's users.


Step 1: Accessing the Admin Panel

  1. Log into your ConexED Admin account
  2. Click the gear icon in the top-right corner to access the Admin Panel Click the gear icon in the top-right corner to access the Admin Panel.
  3. In the left-hand side menu, navigate to the Settings tab
  4. Under SSO Login Buttons, check the box next to SAML2/Shibboleth to enable SAML2 authentication
  5. Click Edit SAML2 Settings In the left-hand menu, select the Settings tab. Under "SSO Login Buttons," check the box next to SAML2/Shibboleth to enable SAML2 authentication. Then, click Edit SAML2 Settings.

Step 2: Configuring SAML2 Settings

In the popup, you’ll find two main sections: SAML2 Settings and Federated Attributes.

  • IdP Metadata URI: Enter the URI provided by your Identity Provider (IdP) and click Load to automatically populate the fields
  • IdP Entity ID: Enter the Entity ID from your IdP
  • Log On URL: Input the URL where users will authenticate
  • Log Out URL: Enter the URL where users will be directed upon logging out
  • Certificate: Upload the certificate issued by your IdP for secure authentication
  • Login Attribute: This is typically the user's email address and is mapped to their ConexED username. Special characters will be removed
  • Strip Domain from Login Attribute: Check this box if you want to remove the domain (e.g., @example.com) from the username Configuring SAML2 Settings

Step 3: Mapping Federated Attributes

This section allows you to map attributes sent by the IdP to corresponding fields in ConexED:

  • partner_username: Maps to eduPersonPrincipalName (primary user identifier)
  • email: Maps to the user's email address (mail attribute)
  • fullname: Maps to displayName (user’s full name)
  • role_name: Maps to eduPersonAffiliation (assigns user roles like Faculty, Staff, or Student)
    • You can define role mappings using the role_name RegEx field
  • sis_user_id: Maps to a custom Student Information System (SIS) ID or a unique student ID
  • timezone: Maps to the user's timezone
  • institution_code: Assigns the default institution for users (useful for districts with multiple institutions) Step 3: Mapping Federated Attributes

Step 4: Testing and Saving the Configuration

  • Click Test Login to verify the SAML2 settings are correctly configured
  • After confirming the settings work as expected, click the blue Save button at the bottom of the popup to save your configuration
Step 4: Testing and Saving the Configuration

By following these steps, ConexED Admins can easily configure SAML2 authentication for their institution, streamlining user access and ensuring secure login.