Skip to main content
United States Canada

SAML/ADFS Single Sign-On Information

Articles in this section

Ready to move forward with an integration? Complete the SSO Request Form to begin the process and a member of the DE Technical Integrations team will be in touch. 

Overview

Discovery Education offers the ability to provide Single Sign-On (SSO) using Microsoft’s Active Directory Federation Services (ADFS), or a SAML 2.0 provider. This allows users to log into Discovery Education with familiar credentials, and also supports session-based SSO triggering.

User management (creating and updating users) in Discovery Education is achieved via CSV files that are posted nightly to Discovery Education’s SFTP server, which is a process that can be automated. Class and Class Roster data can also be imported via the same process.

Requirements

(All requirements must be confirmed to proceed)  

  1. All schools, teachers, and students that subscribe to Discovery Education services must use SSO
  2. Complete the SSO request form.
  3. Build a Trust by exchanging federation metadata (URL or xml file)
  4. Ability to generate and post .csv files with required fields to Discovery Education’s SFTP server. See Imports for Single Sign-On for details.

Steps to Implement

  1. Determine SAML/ADFS to be your technology of choice.
  2. Complete the SSO request form.
  3. Build a Trust by exchanging federation metadata (URL or xml file).
  4. Build a process to generate and post .csv files via SFTP. See Imports for Single Sign-On for details.
  5. Prepare existing Discovery Education user accounts for conversion.
  6. Determine launch date and communicate it to Discovery Education staff.
  7. Communicate new login method (URL) and launch date to teachers and students.
  8. Post .csv files the evening before the launch date to process overnight.

User Experience

Once SSO is launched, users will log into Discovery Education by navigating to https://<district>.discoveryeducation.com   The <district> sub-domain may be chosen by the district.

Once SSO is launched, users will no longer be able to log into https://www.discoveryeducation.com. Any saved hyperlinks that are not configured for SSO will prompt users to log in directly at www.discoveryeducation.com will no longer work. We recommend implementing two options in this case:

1. Update existing hyperlinks with the SSO subdomain:

https://www.discoveryeducation.com should be updated to https://<district>.discoveryeducation.com

2. Advise users to log in via SSO before using saved hyperlinks.

How It Works

Users are authenticated into Discovery Education via SAML/ADFS, provided that usernames in Discovery Education are in the required SSO username format.   The Discovery Education SSO username format is: <SAML Claim/Attribute>@<district>.discoveryeducation.com.

Note: This username is never known by the end user.  

Frequently Asked Questions

Where do users go to log in with their SAML/ADFS accounts? For SAML/ADFS SSO to work, users must log in via <district>.discoveryeducation.com. Usernames in Discovery Education must also be configured properly.  

What is the cost for SAML/ADFS SSO? Is there an agreement involved? SAML/ADFS SSO is free and there is no required agreement. However, a DE SSO request form must be completed. Complete the request form here

When can we launch SAML/ADFS SSO? Variable timeline, typically two weeks. Once the paperwork has been signed and returned, the Trust has been established, and the .csv import files have been generated, a launch date can be determined. Communicating new log in URL is critical to a successful launch. We recommend launching on a Friday, at least two weeks after the agreement is returned and communication to users has begun.  

What happens to existing Discovery Education user accounts? Will they keep their saved content and work? Teacher accounts are mapped across systems on email or Teacher ID and CONVERTED to SAML/ADFS accounts (username updated). If email addresses or Teacher IDs are not stored in Discovery Education, additional strategies are recommended for preparing teacher accounts for mapping and conversion:

  1. Ask teachers to log into Discovery Education and ensure that the email address in the profile matches their district email address. Failure to do so may result in a new user account being created.
  2. Upload a teacher CSV via the Bulk Import tool to update the existing email addresses and Teacher IDs. Teacher accounts can be exported from Discovery Education by navigating to My Admin > Bulk Import > Update Rosters > Teachers. Update email addresses as needed, save as .csv, and upload via the Bulk Import utility.
    • If only the domain differs between the email address and the email address in Discovery Education, perform a Find and Replace in Excel.
    • If the entire email address differs, a VLOOKUP in Excel between old email address and email address may be required.

Student accounts are mapped to their SAML/ADFS accounts and CONVERTED based on matching Student IDs between the two systems. Feel free to contact Discovery Education to discuss a launch plan for your district.  

Share
Was this article helpful?
6 out of 10 found this helpful
Return to top

In this article