Schoolzilla

FAQ: Single Sign-On with Active Directory Federation Services

Functionality:

  • What is required from our team to enable SSO? To enable SSO with Schoolzilla via ADFS, you'll need to set up ADFS to connect to Schoolzilla via SAML 2.0.
  • Does enabling SSO change anything about how I provision new user accounts? By default, anyone who logs in through your AD FS integration will have an account created for them automatically the first time they log in to Schoolzilla. Accounts that we provision automatically will be given a "teacher" role in Schoolzilla and will have the default permissions for teacher-level accounts. Learn more about permissions for teachers. If you do not want these accounts to be created automatically, you should *disable auto-provisioning* on your Single Sign-On Setup 5 page (under "Advanced Settings"). See "Account Provisioning" below for more details to help you decide if you should disable this feature.
  • What will change for our existing users? They'll be logged into Schoolzilla automatically whenever they log into their ADFS account, but other than that, not much!
  • Will existing permissions remain in place? Yes
  • Will my groups remain in tact? Yes

Timeline:

  • How long does SSO take to implement? It's instant once we've signed you up and you've set up Schoolzilla as an app.

Additional information about automatic account provisioning:

  • When to disable auto-provisioning: We recommend disabling auto-provisioning if students, parents, or other non-staff users might have access to Schoolzilla via your AD FS integration. This is because automatic account provisioning treats all new users as "Teachers" (which is the most restricted user role in Schoolzilla) and therefore may give students or parents access to sensitive data. Disabling auto-provisioning will prevent students, parents, or other users who you don't wish to have access to Schoolzilla from logging in via SSO.
  • Creating accounts when auto-provisioning is disabled: If auto-provisioning is disabled, we'll automatically create accounts for any users we know are active staff members within your organization ("active staff members" are staff who have (1) current enrollment data, and (2) a valid email address in your SIS), but anyone else in your organization (e.g., school leaders or district leaders) who should have access to Schoolzilla will need to be added manually in My Users. If someone tries to log in from your AD FS integration with an email address we don't recognize, they won't be given an account and will not be able to access to Schoolzilla.