After configuring ParentSquare as a SAML service provider, permission can be given by User or Group/Portal Group.
For the initial setup, ParentSquare needs to be configured as a SAML Service Provider. Work with ParentSquare to complete the configuration per the SAML documentation.
- (ParentSquare) After the district is created in ParentSquare, SAML Links are provided to the district.
- (District) Sets up the SAML Configuration and provides the meta-data URL back to ParentSquare
- (ParentSquare) Completes the configuration by putting in the certificate details to complete security setup for SSO
- (District) Test SSO
ParentSquare Provides the SSO URL’s
ParentSquare provides the following two URLs to the district
Entity_id URI: https://www.parentsquare.com/saml/<district_identifier>/metadata
Asserting Consumer Service URL: https://www.parentsquare.com/saml/<district_identified>/consume
District configures SAML (documentation here)
Note: When you add the Service Provider. Please use the following settings
1. Display Name: ParentSquare (need to exactly match this)
2. Enter the Entity Id URI and Assertion Consumer Service URL as provided.
3. Check the Sign SAML Response? and Allow Aeries to Initiate SSO? boxes.
4. Hit save
5. Provide the metadata URL back to ParentSquare.
ParentSquare Updates the Security Configuration
After the meta-data url has been provided, ParentSquare will update the security configuration and the system should be ready for testing SSO.
ParentSquare will need access to the District API to pull the Students, Users, Staff, Classes etc. You may use an existing certificate or create a new one. Instructions for creating an API certificate are here.
You may use the ParentSquare-Aeries field mapping as a guide for giving the proper permissions to ParentSquare