Note: This document references views and actions that are only available to Echo Administrators
SAML authentication can be used to establish a secure single sign-on (SSO) connection between Echo and an external identity provider (IdP). Example, Google. Echo support the use of Single Sign-on (SSO) features to allow users to sign into one application (for example, a student information system) and be automatically logged into Echo without needing to re-enter credentials. This feature can help eliminate the need for teachers an students to remember multiple credentials sets.
Glossary of Terms
|Identity provider (IdP)||The IdP is used to identify users based on
credentials. The IdP provides the login
screen interface and presents information
about the authenticated user to the SP
after successful authentication.
Examples: Google Apps, ADFS,
||Information about the SP or IdP, often
referred to as the SP metadata or IdP
metadata. This metadata should provided
in the form of XML and is used to inform
each other (SP and IdP) about the settings
and URLs of the other.
|Security Assertion Markup Language
|An XML-based, open-standard data format
for exchanging authentication and
authorization data between parties, in
particular, between an IdP and a SP.
|Service provider (SP)
||An SP is a website providing information
and other tools to the authenticated user. For these instructions, Echo is the SP.
|Single sign-on (SSO)
||An authentication service that permits a
user to use one set of login credentials
(e.g., username and password) to access
Setting Up SAML Authentication
To set up your SAML authentication: For Google specific please see this doc: How do I set up a custom SAML application using Google SSO
1. Access the SP (Echo) metadata file using the following URL (replace the bold text with your userspace name):
2. Go to your IdP and create a new SAML configuration. Each IdP is different in how to configure and setup a new SAML configuration and you may need to consult an expert (or the internet).
3. The IdP will then ask to either (a) enter, (b) upload, (c) copy and paste, or (d) provide the URL to the SP metadata (see step 1). If optional, enter the URL as it could dynamically pull the information into the IdP from the SP, reducing the need for future changes.
4. Once configured and available in your IdP, download the IdP metadata file.
5. Rename the downloaded IdP metadata file to idp-meta.xml .
6. Complete the SAML steps in below using the idp-meta.xml file in step three
7. Attempt to login to Echo using your new SAML integration.
NOTE: Some IdPs do not allow for their service to be loaded inside of another webpage. If your IdP does not load (e.g., blank screen), you may need to select "Open in new window" when configuring the SAML integration in step 6.
Enabling SSO in Echo
- From the domain detail page, select Edit Settings
- Select Authentication panel.
- Open the Authentication type dropdown:
- If you use CAS, provide the CAS server URL.
- If you use SAML, choose the signature algorithm you want to use and upload the idp-meta XML file. Your SAML provider can tell you which signature algorithm to use; if you can use either, we recommend SHA-256 as it is more secure.
- If you use an integration tool you may be required to enter the appropriate ID
- Domain allows you to point to another domain to use the other domain's SSO configuration. For example, if you configure SAML in a district domain and it is the same SAML to be used for each school (because the users in the SAML is all district users), you can point the school domain to use the districts SAML configuration.
Make sure to select select Open login in a new window
Echo is constantly being improved based on the feedback from users and we strive to keep our documentation up to date. If this document doesn't match what you are seeing in Echo, please let us know.