Learn how to configure Google for use with Wellio's Single Sign-On system.
This process is divided into four phases:
Initial Setup
Email us your metadata
-
From the G-Suite Admin console Home page, go to Apps and then Web and Mobile Apps apps.
-
Click Add App -> Add Custom SAML APP
-
Add anything as the App name, click Continue
-
Download the metadata and send this to us at support@wellioeducation.com along with a test account.
- The test account should be set up with a student school-affiliated email address. When you email through the metadata please pass on the test account email address and password.
-
Cancel out of adding this App
Secondary Steps
Please follow these steps once you receive an email from us containing the ACS URL:
-
From the G-Suite Admin console Home page, go to Apps and then SAML apps.
-
Click Add App -> Add Custom SAML APP
-
Add 'Wellio' as the App name, and click Continue twice.
-
On the Service Provider Details screen, enter the following:
-
ACS URL: Enter the ACS URL we provide to you (please note we are unable to provide this until you send us your metadata)
-
Entity ID: Enter the Entity ID URL we provide to you (please note we are unable to provide this until you send us your metadata)
-
Signed Response: Leave unchecked.
-
Name ID Format: EMAIL (This might need to be PERSISTENT if 403 errors occur during testing)
-
Name ID: Basic Information, Primary Email. Click Next
-
-
On the Attribute Mapping screen, map:
-
Primary email to email
-
First name to first_name
-
Last name to last_name
-
SAML Attribute Mapping:
Click User Access and then turn it on for everyone (as below) or for specific organizational units as appropriate, and click Save. As noted, it may take up to 24 hours for this change to take effect for all users.
Testing
Once you've completed the secondary steps above, please email support@wellioeducation.com to let us know. From here, we'll use the test account credentials you've provided to test the integration is performing as expected before officially setting it live for all users.
Match existing users to the correct email (where required)
Once you've completed the secondary steps and we've completed a successful test of the integration, we'll be in touch to confirm if user matching is required in your instance. If it is, we'll also send you the appropriate information to complete.
If your students have previously been using Wellio without SSO integration, we need to make sure their existing Wellio accounts have the correct email address linked before we set the integration live. We'll match up as many accounts as possible and provide a list of those we couldn't match.
Please note that, in order for the integration to work as expected, users will need to be signed into their school-affiliated Google account in order to be able to log in to Wellio via SSO (or at least not signed into a different Google account).