Administrator

How do I enable Single Sign-On (SSO) in Buzz?

Follow
Ryan Richins
  • Agilix team member

During the summer of 2017, we released a new Buzz UI, giving you the same features and functionality with a cleaner, simpler user experience!

Until all users have switched to the new UI, our Help Center articles will include information for both. 

Click the header below that aligns with the Buzz UI version you are using (Old UI or New UI); if you don't know which version you are using, review the differences and/or contact your system admin or Agilix account manager

Old UI

Enable users to sign into Buzz with their school credentials.

Buzz supports the use of Single Sign-on (SSO) features to allow users to sign into one application (for example, a student information system) and be automatically logged into Buzz without needing to re-enter credentials. This feature can help eliminate the need for teachers and students to remember multiple credential sets.

Configure SSO

  1. Open Settings in the Domain toolbar.
Configure SSO
  1. Select Integrations.
  2. Open the Authentication type dropdown under Authentication:
    • If you use CAS, provide the CAS server URL.
    • If you use Domain, provide the Domain ID and you can use that domain's SSO configuration. For example, if you configured SAML in a district domain, you can point to that school domain to use the district's SAML configuration.
    • If you use SAML, choose the signature algorithm you want to use and upload the idp-meta XML file. Your SAML provider can tell you which signature algorithm to use; if you can use either, we recommend SHA-256 as it is more secure.
  3. Indicate whether you want to prevent users from logging in with Buzz credentials.
  4. Save.
New UI

Enable users to sign into Buzz with their school credentials.

Buzz supports the use of Single Sign-on (SSO) features to allow users to sign into one application (for example, a student information system) and be automatically logged into Buzz without needing to re-enter credentials. This feature can help eliminate the need for teachers and students to remember multiple credential sets.

Configure SSO

 

  1. Open the side menu in Domain > Details.  
  2. Select Edit Settings.
  1. Select Integrations.
  2. Open the Authentication type dropdown under Authentication:
    • If you use CAS, provide the CAS server URL.
    • If you use Domain, provide the Domain ID and you can use that domain's SSO configuration. For example, if you configured SAML in a district domain, you can point to that school domain to use the district's SAML configuration.
    • If you use SAML, choose the signature algorithm you want to use and upload the idp-meta XML file. Your SAML provider can tell you which signature algorithm to use; if you can use either, we recommend SHA-256 as it is more secure.
  3. Indicate whether you want to prevent users from logging in with Buzz credentials.
  4. Save.

Comments (14)

Sort by
Tami Warnick

How do you replace the existing xml file with this new one through the IDP? Where do you locate the IDP?

Brad Marshall
  • Agilix team member

Hello Tami. If you are transitioning from BrainHoney, the IDP file is generally stored in the domain resources (see Manage Resources) in a folder titled IDP.

Tami Warnick

Brad - Does turning on the SSO always redirect the students to the https:// protocol?  We have students go to our SIS - Genius and then login to Buzz using the Single Sign on.  They are being directed to the https:// of Buzz and it is causing issues with students not being able to see course content from FYI or CLO (linked through LTI).  If they login directly to Buzz they are directed to the http:// protocol and do not have any issues view this content.  Is there a way to fix this? 

Brad Marshall
  • Agilix team member

Hey Tami, before I provide you with an answer, I just want to emphasize that we recommend that your content providers become https compliant. While they may not be today, they should work towards it. Google and many other browser technologies penalize these practices and penalize even more in the future (i.e., limit usage without extreme warnings).

To answer your question, your SSO should redirect the user to the protocol that the user accessed Buzz.

For example:

  • If you went to http://domain.agilixbuzz.com, and then selected "Sign In," the SSO should send the user back to http://domain.agilixbuzz.com.
  • If you went to https://domain.agilixbuzz.com, and then selected "Sign In," the SSO should send the user back to https://domain.agilixbuzz.com.
Tami Warnick

Brad - it seems that something is amiss with my SSO then.  My student information system is set up to sign students on at the http:// site.  This seems to work for Teachers and Administrators but for students they are taken to the https:// site instead.  I have double checked with my SIS company and they confirm that it is set to direct to the http:// for students.  Could I have done something wrong in the SSO set up in Buzz? 

Thanks for your help.

Brad Marshall
  • Agilix team member

Hey Tami, that doesn't quite make sense. Buzz should be using the same protocol for all users. I would recommend that you create a Support request to look into it for you. They would be able to help look at your current settings and provide suggestions.

Thanks.

Tami Warnick

Brad - with the help of my SIS and Jordan we were able to get this issue resolved.  

Thanks

Brad Marshall
  • Agilix team member

I am very happy to hear that. Thank you for letting me know.

Burt Lo

Trying to set up this feature using Google SSO. Can you provide me with:

  • ACS URL
  • Entity ID URL
  • Attributes Mapping required
Brad Marshall
  • Agilix team member

Hey Burt, the Buzz SP metadata can be found at: https://api.agilixbuzz.com/saml/USERSPACE/metadata.xml.

Replace USERSPACE with your domain userspace/login prefix.

Burt Lo

Brad,

I checked out the metadata at the URL that you provided. I tried to use the entityID URL for both the ACS URL and Entity ID URL in the Google SSO setup.

Here is the error that I received, when I tried to login as a user:

HTTP Status Code: 404
HTTP Status Description: Not Found
Error: SAML resource not found
ErrorId: 71941004efa34236a17eef9b270bf5e3

Am I using an incorrect user ID? Is the attributes mapping for user authentication also in the metadata?

Brad Marshall
  • Agilix team member

The Entity ID URL in the SP metadata has an attribute of "entityID".

The ACS URL is in a node called "AssertionConsumerService".

Does this help?

Stephanie Kolcun

Why isn't there descriptions for Domain?

Brad Marshall
  • Agilix team member

Hey Stephanie, that is an error. We should document Domain and I will communicate this to our documentation team. 

The "Domain" feature allows you to point to another domain to use the other domain's SSO configuration. For example, if you configured SAML in a district domain and it is the same SAML to be used for each school (because the users in the SAML is all district users), you can point the school domain to use the district's SAML configuration.

Please sign in to leave a comment.