Single-Sign-On, or SSO, allows student, faculty and administrative users at your school to log into Osmosis using their school credentials. You can learn more about how SSO works here. Osmosis supports SSO through the SAML 2.0 protocol.
These are some of the SAML-based IDPs that our partner schools have used to set up an SSO connection with us; if your IDP isn’t listed but supports SAML 2.0, please connect us with your IT team and we’ll look into supporting your IDP as well. (A complete list of SAML-based IDPs can be found here.)
Here is a list of SAML-based products and services, one or more of which may be used at your school.
Osmosis (the Service Provider, or SP) requires the school (the Identity Provider, or IDP) to pass the student's email or a unique identifier (sent as subject-id) as an attribute as part of the SSO implementation. This is an IDP-initiated SSO process.
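As an added example (not Osmosis's own code), a school IT team could run a pre-check like the following on a test assertion captured from its IDP to confirm that the email or subject-id attribute is actually released. The accepted attribute names and the sample assertion are assumptions constructed for illustration; the check inspects attributes only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; confirm the exact names expected with Osmosis.
SUBJECT_ID_NAMES = {"subject-id", "urn:oasis:names:tc:SAML:attribute:subject-id"}
EMAIL_NAMES = {"email", "mail", "urn:oid:0.9.2342.19200300.100.1.3"}

# Constructed, unsigned sample assertion (illustration only).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.school.example/metadata</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
      <saml:AttributeValue>student@school.example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="displayName">
      <saml:AttributeValue>Test Student</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def released_identifiers(assertion_xml):
    """Return {"email": ..., "subject-id": ...} for the identifiers present.
    Inspects attributes only: signature, audience and validity checks are
    the job of the SAML library on each side. Run it on your own captured
    test assertion, not on untrusted XML (stdlib parser).
    """
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        kind = ("subject-id" if name in SUBJECT_ID_NAMES
                else "email" if name in EMAIL_NAMES else None)
        if kind is None:
            continue  # attributes such as displayName are not identifiers
        values = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        if len(values) != 1:  # an identifier must be unambiguous
            raise ValueError(f"{name}: expected one value, got {len(values)}")
        local, _, domain = values[0].partition("@")
        if kind == "email" and not (local and domain and "@" not in domain):
            raise ValueError(f"{name}: value is not a well-formed email")
        found[kind] = values[0]
    if not found:
        raise ValueError("assertion carries neither email nor subject-id")
    return found

if __name__ == "__main__":
    print(released_identifiers(SAMPLE))
```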
Basic process for implementing SSO with Osmosis for your school:
1. The partner school shares its FederationMetadata.xml file with Osmosis.
2. Osmosis shares its FederationMetadata.xml file with the school.
3. Osmosis creates a test account in the Osmosis DB.
4. The school uses that same account to log into Osmosis using the new SSO endpoint.
5. The school approves eligible users in the school's active directory.
6. Osmosis implements SSO on the production site and redirects eligible school users from osmosis.org to the school portal for authentication: