IdP Configuration: Setting up Single Sign-On (SSO)

This guide explains what information your school's Identity Provider (IdP) needs to supply to configure SAML SSO with Edrolo, and where to find it in common IdPs.

Enabling SSO is a straightforward 3-step process:

1. Gather details from your IdP:

Edrolo supports SAML 2.0. Please collect the following from your IdP’s settings:

• Provider Name: A friendly label (e.g., “School Azure AD”).
• Entity ID / Issuer: (e.g., https://sts.windows.net/<tenant-id>/).
• SSO Sign-on URL: Also called Login URL or IdP SSO URL.
• X.509 Certificate: In PEM format, including the BEGIN/END lines.

2. Enter details into Edrolo:

Log in to your Edrolo Admin account and paste the values into the SSO setup form. Ensure the certificate includes the header/footer and original line breaks.

3. Configure Service Provider Details:

In your IdP (Azure, Google, or Okta), use the following values. 

• Identifier (Entity ID): https://edrolo.com.au
• Reply URL (Assertion Consumer Service URL):
  • https://edrolo.com.au/complete/saml/ (Existing)
  • https://app.edrolo.com/complete/saml/ (New - Add this as an additional URL)

4. Go Live and Test

Once you have saved your settings, toggle the SSO setting to Enabled and test immediately:

• Test Login: Try logging in with a test student/staff account in a new Incognito/Private window.
• Verify Flow: Confirm the flow redirects to your IdP and back to Edrolo successfully.
• Emergency Revert: If the login fails, note the specific error code and turn SSO OFF immediately. This ensures your users can still access Edrolo via their standard passwords while we troubleshoot the issue.
  

Where to find SSO details in common IdPs:

Microsoft Entra ID (Azure AD)

• Access Admin centre → Enterprise applications → Create a new app or (select your existing Edrolo app)
• Single sign-on → SAML → Basic SAML Configuration
  • Identifier (Entity ID): https://edrolo.com.au
  • Reply URL (Assertion Consumer Service URL): Add both:
    • https://edrolo.com.au/complete/saml/
    • https://app.edrolo.com/complete/saml/
• Configure Attributes & Claims
  • Under the Attributes & Claims section, select Edit.
  • For the Unique User Identifier (Name ID), apply the following settings:
    • Name ID format: Email address
    • Source: Attribute
    • Source attribute: user.mail

Google Workspace

• Access Admin console → Apps → Web and mobile apps → Add custom SAML app (or find your Edrolo app) In the Service provider details section:
• Make sure the Name ID format is set to EMAIL.
• The Name ID should be set to Basic information > Primary email (This maps the primary email to the email attribute in the SAML response).
• Attributes: Primary email → Email
• SSO URL → SSO Sign-on URL
• Entity ID → Entity ID

• Download IdP certificate (and copy with BEGIN/END lines)

  

Okta

• Access Applications → Create App Integration → SAML 2.0
• In View SAML setup instructions, copy:
  • Identity Provider Single Sign-On URL → SSO Sign-on URL
  • Identity Provider Issuer → Entity ID
  • X.509 Certificate → Certificate

👉 Step by step instruction please follow this guide: 

Troubleshooting:

1.Error AADSTS700016 / Setting up MS Entra

If you encounter this error in Microsoft Entra, it means the Reply URL in the request does not match what is configured in Azure. Check your Basic SAML Configuration in Azure. Ensure both of the following are listed in the Reply URL section:

• https://edrolo.com.au/complete/saml/
• https://app.edrolo.com/complete/saml/

Need help?

Contact your school’s Admin Hub administrator or reach out to our Edrolo Customer Care Team at help@edrolo.com.au