Overview:
This article explains what to check before enabling SSO so that accounts link correctly and learning data remains available.
Read Before Enabling SSO:
Enabling SSO changes how people sign in. Confirm your users’ emails match your school’s SSO domain before turning it on.
Checklist:
Only proceed once all conditions below are met:
-
Every user’s account email exactly matches your school’s SSO domain
e.g. If your domain is school.edu.au, users must have emails like name@school.edu.au.
-
No personal or mismatched emails
e.g. Gmail, Hotmail, or outdated domains are not supported under SSO.
-
Accounts updated if your school changed domains
e.g. From old-domain.edu.au → new-domain.edu.au.
-
Plan in place to fix or re-provision non-matching accounts
Options include bulk update or timetable re-upload with correct domain emails.
-
Stakeholders are informed
Communicate clearly that after SSO is enabled, users sign in via SSO and previous passwords will no longer work.
How SSO Works with Edrolo:
- Edrolo matches incoming SSO logins to existing accounts using email address.
- If matched, the user logs in normally. Progress and enrolments are retained.
- If no match is found, login fails and no account is created.
- Inactive accounts are reactivated on first SSO login.
If Emails Don’t Match:
- Users see an error message and cannot log in.
- No new account is created.
- Admins must either:
- Update the email on the existing account to match the SSO domain, or
- Re-provision the account via timetable upload with correct domain
Tip: Run a small pilot before full launch to identify mismatches early.
Tasks to Complete Before Enabling SSO:
-
Check user emails
- In Admin Hub > User Management, verify that each email matches your official domain
-
Fix mismatched accounts
- Update manually or re-provision via timetable upload
-
Communicate the change
- Let users know when SSO will go live and what to expect
-
Final validation
- Spot-check a few users for email accuracy
- Test with a small group before enabling school-wide
What Changes After SSO Is Enabled:
- Users must sign in using SSO
- Previous passwords will no longer work
- Inactive accounts are reactivated on first login
- The SSO email becomes the user’s primary login identifier
Troubleshooting:
- User can’t sign in with SSO→ Check that their email matches the SSO domain exactly
- User logs in, but sees no progress→ They may be using a different email; verify it's the same one linked to their Edrolo account
- Mixed domains in user list→ Bulk update or re-upload accounts with correct email domains
Need to Turn Off SSO?
If widespread issues occur, you can disable SSO in Admin Hub:
- Go to Authentication → Configuration → SAML / SSO
- Uncheck “Enable SSO for all users”, then click Save
When disabled:
- Users can log in with their previous Edrolo passwords
- SSO config is saved and can be re-enabled later
- Users without passwords must use “Forgot password” to set one
See full SSO setup instructions-> Set up SAML / SSO in Admin Hub
Frequently Asked Questions:
Q: Will progress be lost after enabling SSO?
A: No. As long as emails match, all data is retained.
Q: What if a user has a personal or old email?
A: Update their email to the current school domain before enabling SSO.
Q: What if our school recently changed domains?
A: Update all account emails or re-provision accounts with the new domain before enabling SSO.
Q: Are new accounts created automatically if there's no match?
A: No. If no match is found, login is blocked. Users must contact admin to fix the email mismatch.
Need Help?
Reach out to Edrolo Customer Care Team at help@edrolo.com.au