FAQ: Single Sign-On with Google
Login authorization is essential for ensuring student privacy and data security. But, for users, the login process can be incredibly frustrating. It’s the first step toward data use, so we want to make it easy!
Single sign-on (SSO) with Google:
- Eliminates the need to remember a password for teachers and school leaders
- Replaces the login process with a single simple, secure button
- Makes engagement in data easier just in time for back-to-school season
Users can easily access Google-based SSO by clicking the “Sign in with Google SSO” button on our login page (app.schoolzilla.com).
My district uses Google SSO. Will all of my users be able to login using this button?
Not necessarily. A few conditions must be met before a user can login with Google SSO:
Have you enabled Google SSO*?
- If enabled, any users who have an existing account with Schoolzilla can log in with Google SSO.
- If you have not enabled Google SSO, your users will see a message alerting them to the fact that Google SSO has not been enabled.
- Interested in setting up Google SSO? Please reach out to your project manager or Support.
Is auto-provisioning enabled?
- If auto-provisioning IS enabled, users CAN login with Google SSO and have a new Schoolzilla account auto-generated.
- If auto-provisioning is not enabled, users CANNOT login with Google SSO unless we find an existing user account with Schoolzilla.
If a user cannot be authorized by this process, then they will be redirected to back to the login page. We do not display any special messages or warnings in order to adhere to security best practices.
*As a reminder, we’ll automatically create teacher accounts for any users we know are active staff members within your organization. "Active staff members" are staff who have (1) current enrollment data, and (2) a valid email address in your SIS. Anyone else in your organization (e.g., school leaders or district leaders or teachers who require access by rostering) who should have access to Schoolzilla will need to be added manually in My Users.
Should I enable auto-provisioning?
- When to disable auto-provisioning: We recommend disabling auto-provisioning if you use the same email domain or students, parents, or other non-staff users as you do for staff. This is because automatic account provisioning treats all new users as "Teachers" (which is the most restricted user role in Schoolzilla). Schoolzilla only provides access to specific student data IF teachers have students enrolled in their classes or have been specifically rostered via upload; however, automatic “teacher” accounts may be able to access the District Profile and Our Schools.
- Creating accounts when auto-provisioning is disabled: If auto-provisioning is disabled, we'll automatically create accounts for any users we know are active staff members within your organization ("active staff members" are staff who have (1) current enrollment data, and (2) a valid email address in your SIS), but anyone else in your organization (e.g., school leaders or district leaders) who should have access to Schoolzilla will need to be added manually in My Users. If someone tries to log in through Google with an email address we don't recognize, they won’t be given an account and will not be able to access to Schoolzilla.
If the above doesn't apply to you, reach out to Support to enable auto-provisioning.
My district uses ADFS, OKTA or One Login. What does this mean for my users?
There are no changes for these types of SSO. Please refer to these articles for more information:
Okta with Schoolzilla (FAQ | Setup)
OneLogin with Schoolzilla (FAQ | Setup)
ADFS with Schoolzilla (FAQ | Setup)
- What is required from our team to enable SSO? To enable SSO with Schoolzilla via Google, all you need to do is provide the email domain associated with your organization’s Google apps account.
- What do you mean by "email domain"? Could you give an example? An email domain is the thing that comes after the “@” sign in your work email. Organizations that use Google apps will have at least one domain associated with their Google apps account, usually something like "examplepublicschools.org"
- Does enabling SSO change anything about how I add new user accounts? By default, anyone with an email address in the Google email domain(s) you provided will have an account created for them automatically the first time they log in to Schoolzilla. Accounts that we provision automatically will be given a "teacher" role in Schoolzilla and will have the default permissions for teacher-level accounts. Learn more about permissions for teachers. If you do not want these accounts to be created automatically, you should contact our support team and let them know you want to *disable auto-provisioning*. See "Account Provisioning with SSO" below for more details to help you decide if you should disable this feature.
- What will change for our existing users? They'll be logged into Schoolzilla automatically when they're logged into their Google account, but other than that, not much!
- Will existing permissions remain in place? Yes
- Will my groups remain in tact? Yes
How long does SSO take to implement once we provide the email domain(s)? Within the same business day.