Overview

Security

Configurations


Overview

Navigate to Security > SAML Configuration > SAML Service Provider


SAML Service Provider allows ClassLInk users to SSO into Aeries without further authentication. 



Security  

SAML configuration is an Admin only function.


Configurations  

Configuring the Service Provider consists of entering settings for the Aeries side of the SAML connection as well as the Third-party application settings. This section provides information for configuring the Aeries connection URL's and certificate security for local-hosted districts, and adding an Identity Provider. Hosted districts should contact Aeries support for assistance with certificate configurations.


 

  • Entity ID (Base URL) - This will be the Entity ID that Aeries uses. It should be a valid Aeries instance base URL. By default, the current base URL will display.

   Note: The Entity ID URL may be treated as case-sensitive by an IdentityProvider.

  • SSO URL and Metadata URL - Displays based on the Entity ID URL. This information is read-only and may need to be provided to Identity Providers for configuration.



A signing certificate can be provided in two ways:

  • Select Certificate from Server: Displays a list of existing certificates on the web server. A certificate is included only if Aeries can read the private key. In this case, the certificate itself remains on the server, and the thumbprint is stored in the database so it can be looked up by the SAML service.
  • Upload a Certificated: Upload a .pfx file, which must be password-protected. In this caswe, the certificated is encrypted and stored entirely in the database.


Select the 'Add' button to add ClassLink as an Identity Provider



Select 'Import Metadata'. Enter the URL and select 'Get Metadata'. 


The information from the Identity Provider will populate the form. Enter a Display Name. 


The Disabled? option will disable SSO from this Identity Provider.


From the District level, the School Info > School Options > Portal Settings option 'Allow Parent/Student to log in to Aeries from ClassLink' must be checked to allow user access.