Note: All pages below are subject to having relevant Roles and Permissions.
In this guide, you will be shown how to enable and help Staff get started with Single Sign On.
Covering
- Enable Single Sign on for staff
- Remove Single Sign on for staff
- Setup Single Sign on as for individual members of staff
- Link multiple user accounts (Google or Office 365 only)
- SSO account already linked to another user on the system message
- Setup Single Sign on for an Existing User
Single Sign On enables a school to permit its Staff to sign into the Bromcom MIS using existing Microsoft or Google Accounts.
This precludes the need to remember standard Bromcom Usernames and Passwords created in System Users. Additionally, Staff can be prevented from using these system-defined logins by disabling the functionality.
Note: Bromcom has some external applications which still require a standard Username and Password, such as Timetable. It is advised that new User Logins be created for these specific purposes to avoid difficulties using this application.
Note: Single Sign On works for a single system. If you are setting up Single Sign On on a test or demo system, you must Remove Link before you start using your live system or the Account will not link to your live system.
Enable Single Sign On for Staff
From the left Menu, go to Config > Setup > Security Settings.
Select Single Sign–On Providers Configuration and tick the box, Enable Self Registration.
If required, you can also tick Disable Authentication for Mapped Bromcom MIS Accounts to prevent staff from using the standard issue login.
This will now allow Staff to link their own Single Account with Bromcom.
Remove Single Sign On for Staff
From the same page, Click View Linked Accounts and select the Staff where you want to remove the Single Sign On, and select Remove Link.
Setup Single Sign-On for Individual Members of Staff
First login is required using the standard Bromcom login process.
Next, from the dropdown option next to the User Name select My Account.
Select the appropriate Single Sign On provider.
Complete the sign in details and any further security information requested by the provider.
The Linked Account will now be displayed instead of the options to link to a provider. This link can be broken by using the Delete icon. Click the Save button to complete the process.
Link Multiple User Accounts (Google or Office 365 only)
Linked Accounts can be viewed from the Config > Setup > Security Settings page using the View Linked Accounts option.
Click on the View Linked Accounts button and then select the Show Accounts without Single Sign-On radio button. This will list all of the Accounts without a Single Sign–On option.
From the Grid Actions click on the the CSV option, this will Export the list to CSV.
Here you you can update the Single Sign on Account column.
Now you are ready to Import the file.
Click on the Import button, Browse for your CSV file, select the columns to match criteria and either Microsoft or Google for the Sign-On and click the Import button. A Confirmation showing the number of changes will be displayed, select either Cancel or Proceed.
Note: Make sure that the data the system is using to match accounts is not changed before you attempt the import as this could cause credentials to be linked to the wrong account.
After this, Users will be able to login to the system with their own Google or Microsoft Account, without the need to know their Bromcom Account details.
Note: Single Sign On works for a single system. If you are setting up Single Sign On on a test or demo system, you will need to Remove Link before you start using your live system or the Account will not link.
Also see:
Single Sign-On Quick Guide
SSO account already linked to another User on the system message?
If a User is unable to login to the MIS with their SSO Account and they receive the message Already linked to another user on the system. Then click on the link below.
https://services.bromcom.com/CommunicationServer/Customer/AuthenticationService/OAuthCheck.aspx
Once the page has opened select the provider they are using to link the Account, Microsoft or Google.
They will see a list of the Schools the Account is linked with. Click on the relevant one to remove the link.
Once done they will need to Login to the MIS with their MIS Username and Password and relink their Account.
Setup Single Sign on for an Existing User
Go to Modules > Setup > System Security > System Users > New, the Link User to Existing Staff Record option will already be selected. Type in the User Name or use the Search Selector to find the User.
When using the Link User to Existing Staff Record option a Blue button Register SSO will be displayed, click this to select the Provider, Office 365 or Google, then Confirm & Close. The Staff email address is then inserted into the User related SSO Account option in the My Account section and Activated. Once Active the button will change colour to Red, Remove SSO selecting this will automatically Delete the email address from the SSO Account and reset the SSO state in the My Account section.
Note: This option only displays if you are using Single Sign On for Office 365 or Google.