1. Edrolo
  2. Syncing Timetables
  3. With Admin Hub

Set up SAML / SSO in Admin Hub

Use this guide to connect your school’s Identity Provider (IdP) to Edrolo so staff and students sign in with your school credentials.

What you’ll need:

  • Your IdP details from your IT team
    • Provider name
    • Entity ID (issuer)
    • SSO URL
    • X.509 certificate (PEM format)
  • An Admin Hub administrator account in Edrolo

Where to configure:

Dashboard → Authentication → Configuration → SAML / SSO configuration

The page has fields matching your IdP metadata:

  • Provider name
  • Entity ID (issuer)
  • Single sign on (SSO) URL

  • Certificate (X.509, begins with -----BEGIN CERTIFICATE-----)

    Screenshot 2025-11-27 at 7.10.29 pm.png

Step-by-step:

🔗 Need IdP-specific steps?  IdP Configuration: Setting up Single Sign-On (SSO) for Okta, Azure AD, and more.

  1. Open Admin Hub → Authentication
  2. Enter Entity ID (issuer): Copy from your IdP metadata. Looks like a URL or URN.
  3. Enter Single sign on (SSO) URL: Also called Login URL or SAML SSO Service URL
  4. Paste your X.509 certificate: PEM format only. Include the BEGIN/END lines.
  5. Select Enable SSO for all users
  6. Click Validate certificate: Fix any formatting errors if prompted
  7. Click Save SAML configuration
  8. Click Test SAML configuration to verify the flow

Tip: Keep a second admin browser session available in case you need to revert settings.

After SSO is enabled: what changes for your users

  • All users will be redirected to your IdP’s login screen when accessing Edrolo
  • Users will not need to create or remember an Edrolo-specific password
  • New users who exist in your IdP can be provisioned to Edrolo through your usual onboarding and data sync process
  • If your IdP session is active, users may pass through without re-entering credentials

Testing checklist (recommended):

  • Test with one staff and one student account
  • Confirm first login succeeds and lands on Edrolo
  • Sign out of IdP and Edrolo, then sign back in to confirm redirect works
  • Verify a user without access is correctly blocked in your IdP

Troubleshooting:

  • Certificate errors
    • Ensure PEM format and full certificate chain if required
  • ‘Invalid issuer’ or ‘Audience mismatch’
    • Re-check Entity ID and that the IdP app uses the same value
  • ‘Unable to redirect’ or blank page
    • Verify the SSO URL matches your IdP login URL

If issues persist, capture timestamps and screenshots of your IdP and the Admin Hub configuration and contact Edrolo Support.

Rollback:

If you need to temporarily disable SSO, uncheck Enable SSO for all users and Save. Users will be able to sign in with standard Edrolo credentials if previously set up.

Need help?

Reach out to our Edrolo Customer Care Team at help@edrolo.com.au

Articles in this section

Was this article helpful?
0 out of 0 found this helpful