Single Sign-On authentication enables your students and staff to get logged into Satchel using the login credentials that they are already accustomed to. Logging in using a Single Sign-On method eliminates the need for maintaining and distributing a new set of login details, making our platform easier to implement.
You can enable, disable, and amend your SSO settings by going to Admin > Settings > Single Sign-On.
We integrate with:
Active Directory (LDAP)
To integrate with Active Directory, we need to link your Satchel and Active Directory accounts either by email address or by MIS ID. One of these values must be stored in both AD and Satchel. Our platform will likely already have both stored, so please ensure one of those two values are imported to your AD.
Set up a bind user for Satchel with read-only access to your OUs
Authorise our IP addresses to connect to the Active Directory server: 126.96.36.199
Go Admin > Settings > Single Sign-On to enable Active Directory and select the users who should be able to log in this way.
Enter the following details
- IP address of your AD server
- Port (e.g. 636). Enable SSL if using this protocol.
- The details of the bind users you created in step 1.
- LDAP/AD base (e.g. ou=teachers,dc=school,dc=com|ou=students,dc=school,dc=com)
- AD attribute used for usernames, e.g. sAMAccountName
- AD attribute used emails e.g. mail - OR - AD attribute user to store MIS IDs, e.g. customfield01
If you decide to bind users based on email address, please ensure the emails are up today on both your Active Directory server and our platform. Update emails.
Once these details have been saved, users will be able to login via our login page using their usual computer logon name and password.
In order for users to log in with Google Single Sign-On, we simply need to ensure that we have their correct Google email address on file.
Once the emails have been updated, you will just need to press the Sign in with Google button on our login page. If you are already signed in to your Google account, you will be taken straight through to your Satchel account. Otherwise, you will be prompted to enter your Google email and password first.
In order for users to log in with Office 365, we simply need to ensure that we have their correct Office 365 email address on file.
Once the emails have been updated, you will just need to press the Sign in with Office 365 button on our login page. If you are already signed in to your Office365 account, you will be taken straight through to your Satchel account. Otherwise, you will be prompted to enter your O365 email and password first.
If you are already using our platform, you simply need to download the app within RM Unify and add it to your launchpad. This will allow you to click the tile to log straight into Satchel. Please follow the simple steps below in order to get this set up.
First, check that your RM Unify is fully MIS Synced and Matched. You can do this by visiting your RM management console (as an administrator) and clicking on the MIS Sync Settings tab.
Go Admin > Settings > Single Sign-On to enable RM Unify and select the users who should be able to log in this way.
Copy the RM app establishment key.
Use the key to download the Satchel app through your RM app library
Once the app has been installed, any user can simply click on the Show My Homework tile from your RM launchpad to log you straight into our platform. Similarly, they can press the RM Unify button on our login page.
💡 Please note, a user's role in RM Unify must match what we have on our system for a user to successfully log in; i.e. teaching staff must be marked as Teacher on both RM Unify and Satchel One.
⚠️ Scottish schools usually use the RM Unify SSO with their Glow credentials. If any of your teachers work across two Satchel One schools, they can only use their Glow email and the above SSO for one school at a time. If you have any queries on this, please contact our support team.
Why set up Single Sign-On Authentication?
Single Sign-On authentication enables your students and staff to get logged into Satchel using the login credentials that they are already accustomed to. This eliminates the need for maintaining and distributing a new set of login details, making our product easier to implement and manage!
Do you integrate with ADFS?
Unfortunately, we do not integrate with ADFS for Active Directory at the moment, only LDAP.
Will we be able to use two Authentication methods simultaneously?
Certainly. You can use multiple SSO methods simultaneously.
Can users log on the SMHW app using a Single Sign On method?
Absolutely! All Authentication methods outlined above are now also available on both the iOS and Android apps.
Can users still use their previous credentials to login?
Satchel credentials will still work for users who had previously had these set up, these can be entered via the normal login method. However with SSO enabled, they won't be able to change the password if they need to as the "password reset" emails will be disabled.