TABLE OF CONTENTS
- Preamble
- Introduction
- Specify IdP metadata (NSW-DoE)
- Other identity provider
- Specify IdP metadata (Other Identity provider)
- Login/Logout behaviour
- Bypass WebCode login
- Disable Webcode Login
- Redirect after logout
- Upload SAML Service Provider metadata (Only other Identity provider)
- How to access your IDP dashboard
- Reporting Issues
- FAQs
Preamble
SSO is a helpful, easy-to-use function that allows users to sign in to the Tes Cloud (my.edval.education) using existing login credentials, such as a school login or email. It provides a secure connection using one set of login credentials, and you only need to log in once. With one click of a button, you will be able to sign in and not have to worry about remembering that annoying webcode any longer.
Introduction
School users may wish to sign in to Tes Cloud using existing school login credentials.
Tes can be configured for this using SAML Single Sign On.
Preconditions
In order to set up SAML Single Sign On (SSO) in Tes, a custom subdomain must be configured for the school. Please contact the Tes Cloud Team via edval-cloud.support@tes.com with the subject “SSO subdomain request” to request configuration of your custom subdomain.
This custom subdomain will be required to log in via SSO.
1. Configuration
Tes currently has two options of SAML IdP (Identity provider) to select from:
New South Wales Department of Education (DoE)
The IdP for NSW DoE schools is pre-configured. When this option is selected, the settings populate as shown below and can be adjusted by the school if required.
Specify IdP metadata (NSW-DoE)
The IdP for NSW-DoE is automatically generated and does not require an upload.
Other identity provider
With this option selected, non-DoE schools must provide their SAML Identity Provider (IdP) details by uploading their XML file and specifying all of the settings. Tes does not provide IdP functionality, and clients are responsible for the configuration and operation of their IdP.
Specify IdP metadata (Other Identity provider)
The client’s SAML IdP will have some metadata that must be provided to Tes. This is usually done by downloading an XML file from the IdP and then uploading it to Tes.
SAML ID type (NSW-DoE and Other Identity provider)
When a user logs in using SAML the IdP will send the user’s unique ID to Tes specifying which user is logging in. Clients may configure one or more of these IDs to authenticate with.
The IdP must be configured to send the same kind of ID to Tes.
The ID types supported by Tes are:
- LISS/SIS ID (GUID in Tes timetable file “.etz”)
- User code (as specified in Tes timetable file “.etz”)
- Statewide ID (Students only)
- Admin ID (Teachers only)
- Email address (Recommended for DoE)
If more than one ID type is selected, Tes will attempt to automatically determine the applicable ID type returned by the SAML IdP.
Email address is not recommended for Other IdP as there are often scenarios where students or families have no email address, or an email address is repeated for multiple records. In these scenarios, Tes will not permit login via SAML for those users. However, for DoE schools, we do recommend this as this is the preferred provider used by DoE.
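A way to check, before choosing an ID type, which users would be unable to log in because their ID is missing or shared between records, as described above. This is an added example, not part of the original article or of Tes: the field names (`liss_id`, `user_code`, `email`), the roster rows and the case-insensitive comparison are all assumptions.

```python
from collections import Counter

# Hypothetical field names for a roster export; a real export's columns may differ.
ID_TYPES = ["liss_id", "user_code", "email"]

# Constructed sample roster.
ROSTER = [
    {"name": "Student A", "liss_id": "g-001", "user_code": "STA", "email": "family@home.example"},
    {"name": "Student B", "liss_id": "g-002", "user_code": "STB", "email": "family@home.example"},
    {"name": "Student C", "liss_id": "g-003", "user_code": "STC", "email": ""},
    {"name": "Teacher D", "liss_id": "g-004", "user_code": "TED", "email": "Teacher.D@school.example"},
]


def normalise(value):
    # Assumption: IDs are compared ignoring case and surrounding whitespace.
    return (value or "").strip().lower()


def audit_id_type(roster, id_type):
    """Return users who could not log in if id_type were the only SAML ID type."""
    counts = Counter(normalise(u.get(id_type)) for u in roster)
    blocked = {}
    for user in roster:
        value = normalise(user.get(id_type))
        if not value:
            blocked[user["name"]] = "missing"
        elif counts[value] > 1:
            blocked[user["name"]] = "shared with another record"
    return blocked


def usable_id_types(roster, id_types=ID_TYPES):
    """ID types that are present and unique for every record."""
    return [t for t in id_types if not audit_id_type(roster, t)]
```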
For Microsoft Entra ID (Azure) setup, please find the attached PDF at the bottom of this document.
Please note that the information provided is based on an example observed from one of our existing customers. The setup and implementation may differ from your school’s specific requirements or configuration. We recommend reviewing and adjusting the setup to ensure it aligns with your school's particular needs and expectations.
Due to the wide range of systems and configurations in use, we are unable to provide setup instructions for every possible environment. For further assistance, please consult your Identity Provider (IdP), as they will be best positioned to support you with this matter.
Login/Logout behaviour
Tes supports two custom behaviours for users logging in or out.
Bypass WebCode login
This option will automatically redirect users from the Tes login screen to the IdP login screen. When this is enabled, users will no longer be able to log in using WebCode. (The attached screenshot is from the NSW-DoE login.)
If this option is not selected, users will be presented with the ordinary WebCode login. An additional option will be present for them to log in using SAML instead (see the screenshot below).
Disable Webcode Login
When a school disables WebCode, the following buttons in Admin->users for staff and students will be hidden:
- "Issue/Reissue WebCode" button
- "Send WebCode" button
Schools that want teachers to use only the single sign-on SAML login page, and not the Tes WebCode, can tick this option. It disables WebCode login on the Tes login page, and the buttons that schools usually use to issue WebCodes will also be hidden.
The login page will still be visible; however, the users (teachers) will not be able to log in using their WebCode. Users instead click “Log in using single sign-on”, as per the screenshot below.
However, if the school needs to issue/reissue a WebCode, then ‘Disable webcode login’ must be unticked.
With “Disable Webcode Login” ticked, students and parents will also not be able to log in using SSO unless they have an account with the SSO provider.
Use single logout
This option will cause users to log out of all linked services when they sign out of Tes. By default (unticked), when a user signs out of Tes they will remain signed in to all their other services. When this is ticked and a user signs out, a message is sent from Tes to the IdP, causing the user to be logged out of all other services.
Redirect after logout
Schools can tick this option and add their own custom redirect URL.
Upload SAML Service Provider metadata (Only other Identity provider)
This option does not apply to NSW-DoE schools, as the metadata is processed automatically by DoE in the back end. This only needs to be downloaded and processed by other identity providers.
After Tes has been configured, an XML file will become available for download. This is the Tes SAML Service Provider metadata for your SSO configuration. This file must be uploaded to the IdP as part of configuring the IdP to integrate with Tes SSO.
How to access your IDP dashboard
You will also be able to access Tes through your IdP dashboard, for example for DoE schools it will look something like below:
Reporting Issues
To report an issue, please use the ‘Get Help!’ option within the Tes product to send a support request, with a subject line ‘SSO issue’.
FAQs
- How does it work? The first time you log in, the system will redirect you to the login page of your identity provider. Once you have logged in, every time you come back to log in you will only need to click your button, or it can be configured so that you do not need to press a button at all.
- How safe is it to use? It is completely safe to use, as long as nobody knows your login credentials, and we do not store your login credentials.
- How do I get started with this? Please submit a ticket to edval-cloud.support@tes.com requesting access to SSO.
- Are there any prerequisites? All you need is access to Tes Cloud and an Identity Provider.
- Which IdP is not supported at the moment? ADFS is not supported at the moment on version 1.
- What happens to webcodes? Webcodes can still be assigned to the staff and used to login.
- Will I need to update this when I rollover? Rolling over to the next year will not affect your SSO login.
- Why isn’t SSO working in the new year? You will first need to conduct your rollover and sync your timetable file to the Edval web server. The data for SSO is pulled from the data that is synced from your timetable file.
- Can I switch year as a student when using SSO to login? SSO allows for students to login and change the year they are looking at instead of using a webcode for each year.
- Can I use one IdP license with multiple Timetable Daily school campuses? No, this is not possible. You will need an additional IdP license for each additional instance of Timetable Daily.
- Can I configure SSO for Interviews parent login? Yes, however only via the email address SAML type.