User - Google SSO Configuration

This document provides instructions for enabling Google SSO for your District. By enabling Google SSO use with Illuminate, your users will use their district-managed, Google accounts to authenticate with Illuminate's products. Users will click the red Google signin button and it will redirect them to a Google login page.

Setting Up Google SSO - Overview

  1. Please notify your Implementation Manager regarding your request and let your users know about potential loss in service.
  2. To gain access to Google SSO, all usernames in Illuminate must be changed to their Gmail account email.  Please note it is not inputted in the email field.  The username must be the Google account email.
    • For example, John Smith’s username in Illuminate is jsmith.  Before enabling Google SSO, his username must be changed from jsmith to jsmith@illuminatedistrict.net.
    • Depending on your product (ISI or DnA), importing your emails will differ.  Please refer to the correct header, "ISI - Importing Google Account Emails" or "DnA - Automating Google Account Emailings."
  3. After updating your usernames, please notify your Implementation Manager or Support Agent you are working with.  Please provide a date and time to turn it on.
  4. Please inform your users of this change and anticipate any issues.

1 - Notify Your Implementation Manager and Users

Please contact your Implementation Manager regarding your request.  It would help to make sure you are aware of the following details:

  • Enabling Google SSO moves the responsibility of managing account information, such as passwords and usernames, from Illuminate's servers/services to Google's services.  Please be ready to transfer this responsibility and inform users after completing your request.
  • If there are accounts that are shared, you may want to enable "Bypass Remote Authentication" for the account.  For example, the Test Admin is shared by multiple users and is often set to Bypass Remote Authentication.
  • During this time, your users will experience inconsistency in service, potentially locking them out of their accounts until Google SSO is enabled.  Please plan around this and inform your users.

If you are unsure who your Implementation Manager is, please contact our Help Desk.

Follow-up by informing your users regarding possible loss of service during this time.  You may use the following template to inform users:

"Dear staff and faculty,

Our District is currently migrating to Google SSO authentication for Illuminate Education's services.  This means, during the next few days until the anticipated date of service, {insert_date_here}, you may experience some loss of connection.  While we hope to minimize the lost of service during this time, please be aware of this possible change in access.

If you have additional questions or concerns, please provide a reply to this email.  If you have several urgent tasks during this expected time period, please contact us with the details so we can attempt to plan around your situation.

Sincerely,

Your System Admin"

2a - ISI - Importing Google Account Emails

This step is for ISI Districts. We will update the usernames to the Google App emails from the back-end.  You will need to create a Core Data Configuration with the following 4 columns and a tab-delimited file named user-sso.txt:

  • 
User ID
 (required)
  • Last Name
  • First Name
  • Google Apps Email (required)
If you are unsure where to find the User ID, you can create a Custom Report with columns from the Users/Teachers Category.

From there, we will update your username fields to the Google App Email.  This will take down user access during the remainder of the set-up so please inform your users ahead of time.

2b - DnA - Automating Google Accounts

Performing step 2b will take down your users access to Illuminate.  Please inform users regarding potential loss of service during this period.

This is for DnA clients.  Your District data analyst will need to work with our Data Team/Help Desk to complete this step.

If you are using our complimentary Aeries Extract tool or any of our PowerSchool Scripts, you will want to get in touch with the Data Team member who configured them and let them know your request.

If you are writing your own scripts or tools, you will want to change your logic to pull email information into the users.txt file.  Please note, this is not the responsibility of Illuminate Education if you are using your own scripts/tools.

3 - Contact Your Implementation Manager or Support Agent

After running step 2a or 2b, please update your ticket informing your Implementation Manager or Support Agent.  Update the ticket with a Date or Date+Time for enabling Google SSO.

Inform your users of the change in authentication policy.  I recommend providing processes and procedures for forgotten accounts or lost passwords if you users do not regularly use Google SSO.  Here is a possible template for you to use:

"Dear staff and faculty,

Illuminate Education's services will be using Google SSO on {insert_date_here} and this point forward.  This means you will see a red "Google SSO" button in the log in page.  Please use this to redirect you to the Google SSO sign-in page.  From there you will use your Google SSO credentials.

If you are unsure of your account, please follow the following steps:

{insert_steps_here}

If you have forgotten your password, please follow the following steps:

{insert_steps_here}

If you run into any errors, please provide the error and verify the steps-taken to reproduce the error and let our District Help Desk know.

Sincerely,

Your System Admin"

Note

  • After enabling Google SSO, passwords are managed by the District Administrator in charge of the Google SSO.  Please inform your users this and set this expectation.  
  • Enabling Google SSO will be a global change per Instance.  So, if Google SSO is enabled, all sites will see the button; however, until the username is switched to ther username@domain, they may continue to use the Illuminate log-in page.
    • If you need a special circumstance where an entire site/district in your district/consortium will be a case by case basis, please inform your Implementation Manager and they will contact a developer with specifics.