How do I prevent users at my organization from logging in outside our SSO method?

Organizations can use a custom Single Sign-On (SSO) integration to administer their own Custom Domain or Custom Subdomain. Users log in through this domain with credentials administered by their organization.

Schoology currently supports the following external authentication methods:

Frequent questions that arise for students and teachers at organizations using an external authentication provider include how to reset their credentials and where to log in.

For example, teachers who navigate to app.schoology.com cannot enter Google Apps credentials. Instead, this domain requires the Schoology-provided credentials administered in the Manage Users area.

System Administrators can reduce this confusion by enabling the permission to Ensure user logs in using external authentication provider in the Permissions area of Manage Users.

New_SSO_permission.png

Users with this permission enabled are not able to use their Schoology-provided credentials to log in via app.schoology.com and can only use their externally managed credentials to access the Schoology platform.

Users without this permission can log in using Schoology-provided credentials and externally managed credentials.

Note:  This permission will only appear if you have already configured your SSO or Remote Authentication method. If you do not see this permission once your login method has been configured, please contact your Client Success Manager.

This permission is disabled for all roles by default. This means that by default, all roles can log in using both Schoology-provided and externally managed credentials.

System Admins can enable or disable the permission for all roles except their own. This is to prevent System Admins from getting "locked out" of Schoology.

 

Powered by Zendesk