This guide explains what information your school's Identity Provider (IdP) needs to supply to configure SAML SSO with Edrolo, and where to find it in common IdPs.
Enabling SSO is a straightforward 3-step process:
1. Gather details from your IdP:
Edrolo currently supports SAML 2.0. Please collect the following information from your IdP’s SAML settings:
- Provider Name – a friendly label, e.g. “Contoso School Azure AD”
- Entity ID / Issuer – sometimes called IdP Entity ID or Issuer URI (e.g. https://sts.windows.net/<tenant-id>/)
- SSO Sign-on URL – also called Login URL or IdP SSO URL
- X.509 Certificate – your IdP’s signing certificate in PEM format, including the header/footer lines:
-----BEGIN CERTIFICATE-----
…base64 content…
-----END CERTIFICATE-----
2. Enter details into Edrolo:
Log in to your Edrolo Admin account and paste the values into the SSO setup form.
⚠️ Make sure the certificate is formatted correctly:
- Include header/footer lines
- Keep original line breaks
- Do not paste the private key
3. Test and confirm:
Once saved:
- Try logging in with a test student account.
- Confirm the SSO flow redirects to your IdP and back to Edrolo.
- When successful, let us know and we’ll confirm on our side.
Where to find SSO details in common IdPs:
Microsoft Entra ID (Azure AD)
- Access Admin centre → Enterprise applications → Create a new app (or select your existing Edrolo app)
- Single sign-on → SAML → Basic SAML Configuration
- Identifier (Entity ID): https://edrolo.com.au
- Reply URL (Assertion Consumer Service URL): https://edrolo.com.au/complete/saml/
- Configure Attributes & Claims
- Under the Attributes & Claims section, select Edit.
- For the Unique User Identifier (Name ID), apply the following settings:
- Name ID format: Email address
- Source: Attribute
- Source attribute: user.mail
Google Workspace
- Access Admin console → Apps → Web and mobile apps → Add custom SAML app (or find your Edrolo app)
- In the Service provider details section:
- Make sure the Name ID format is set to EMAIL.
- The Name ID should be set to Basic information > Primary email (This maps the primary email to the email attribute in the SAML response).
- Attributes: Primary email → Email
- SSO URL → SSO Sign-on URL
- Entity ID → Entity ID
- Download IdP certificate (and copy with BEGIN/END lines)
Okta
- Access Applications → Create App Integration → SAML 2.0
- In View SAML setup instructions, copy:
- Identity Provider Single Sign-On URL → SSO Sign-on URL
- Identity Provider Issuer → Entity ID
- X.509 Certificate → Certificate
👉 For step-by-step instructions, please follow this guide:
Troubleshooting:
1. Error AADSTS700016 / Setting up MS Entra
If you encounter “AADSTS700016” during SSO, it means the tenant can’t find the app the SSO request is targeting. Work through the steps in order.
1) Most common cause: App not created in the tenant
What to check
- Ask the school admin to open the Microsoft Entra Admin Center.
- Go to Enterprise Applications.
- Search for the school’s “Edrolo” app.
If it’s not there
- Create the app:
- Enterprise applications → New application → Create your own application
- Name: “Edrolo”
- Choose “Integrate any other application you don’t find in the gallery”
- Continue to set up Single sign-on with SAML
2) Configure SAML basics (must exactly match)
In the school’s Edrolo Enterprise application:
- Single sign-on → SAML → Basic SAML Configuration
- Identifier (Entity ID): https://edrolo.com.au
- Reply URL (Assertion Consumer Service URL): https://edrolo.com.au/complete/saml/
From the SAML page, copy the school’s IdP values back into Edrolo Admin:
- Login URL → SSO Sign‑on URL
- Azure AD Identifier → Entity ID
Certificate
- Download “Certificate (Base64)”
- Open in a text editor and copy everything including:
- -----BEGIN CERTIFICATE-----
- …content…
- -----END CERTIFICATE-----
- Paste into Edrolo’s SSO certificate field exactly as‑is
- Do not include any private key
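A pre-paste check for the certificate rules given in step 2 and repeated in this troubleshooting section (header/footer present, line breaks kept, no private key), as an added example that is not Edrolo's own code. It only inspects the PEM structure and returns a SHA-256 fingerprint of the decoded bytes; the function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

# Constructed placeholder bytes (NOT a real certificate), only for the demo below.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(60))


def make_sample_pem(der=SAMPLE_DER):
    """Wrap bytes in PEM armour the way an IdP's Base64 download is laid out."""
    return f"{BEGIN}\n{base64.encodebytes(der).decode()}{END}\n"


def check_idp_certificate(pem_text):
    """Return (problems, sha256_fingerprint) for text about to be pasted."""
    problems = []
    blocks = PEM_BLOCK.findall(pem_text)
    if "PRIVATE KEY" in pem_text:
        problems.append("contains a private key: remove it before pasting")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        problems.append("no complete BEGIN/END CERTIFICATE block found")
        return problems, None
    if len(certs) > 1:
        problems.append("more than one certificate: paste only the signing certificate")
    lines = [line.strip() for line in pem_text.strip().splitlines()]
    if BEGIN not in lines or END not in lines:
        problems.append("line breaks lost: header and footer must be on their own lines")
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("certificate body is not valid base64")
        return problems, None
    if not der.startswith(b"\x30"):
        problems.append("decoded body does not start with an ASN.1 SEQUENCE tag")
    return problems, hashlib.sha256(der).hexdigest().upper()


if __name__ == "__main__":
    good = make_sample_pem()
    for name, text in [("as downloaded", good),
                       ("pasted on one line", good.replace("\n", " ")),
                       ("header stripped", good.replace(BEGIN + "\n", ""))]:
        print(name, "->", check_idp_certificate(text))
```

An empty problem list means the text has the shape the certificate field expects; the fingerprint lets you confirm the pasted text is the same certificate you downloaded from the IdP.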
Need help?
Contact your school’s Admin Hub administrator or reach out to our Edrolo Customer Care Team at help@edrolo.com.au