Prevent Users from Signing in Outside of the SSO Method
Organizations can use a custom Single Sign-On (SSO) integration to administer their own Custom Domain or Custom Subdomain. Users log in through this domain with credentials administered by their organization.
Schoology currently supports the following external authentication methods:
- Remote Authentication
- LDAP
- Google SSO
- Microsoft Office 365 SSO
- SAML SSO
Frequent questions that arise for students and teachers at organizations using an external authentication provider include how to reset their credentials and where to log in.
For example, teachers who navigate to app.schoology.com cannot enter Google Apps credentials. Instead, this domain requires the Schoology-provided credentials administered in the Manage Users area.
System Administrators can reduce this confusion by enabling the permission to Ensure user logs in using an external authentication provider in the Permissions area of User Management.
Users with this permission enabled are not able to use their Schoology-provided credentials to log in via app.schoology.com and can only use their externally managed credentials to access the Schoology platform.
Users without this permission can log in using Schoology-provided credentials and externally managed credentials.
This permission is disabled for all roles by default. This means that by default, all roles can log in using both Schoology-provided and externally managed credentials.
System Admins can enable or disable the permission for all roles except their own. This is to prevent System Admins from getting locked out of Schoology.