Educational

How-To: Use Google as SAML-based SSO for EnrolHQ Login

Mark Barrett

Managing Director

At EnrolHQ, we enabled SAML-based SSO in early 2023. Most K-12 schools in Australia/New Zealand either use Microsoft Azure SSO or Studentnet Cloudwork SSO. However with more International schools coming onboard, we recognised the need to offer a path to setting up Google SAML-based SSO with EnrolHQ.

The main difference is that Google does not provide a URL for the metadata. Instead, they provide a downloadable metadata XML file which needs to be uploaded to EnrolHQ. We've now upgraded EnrolHQ to allow upload of the Google provided XML metadata for SAML-SSO.

Metadata

Google provides detailed instructions here - https://support.google.com/a/answer/6087519?hl=en&fl=1&sjid=5115574173691821780-NC for the set-up inside Google Admin Console, however this guide will provide the abridged version with screenshots.

a) Go to admin.google.com

b) Go to Apps > Mobile Apps in the main menu

pic 2

c) Click 'Add App' and then choose the 'Add custom SAML app' option

pic3

d) Now you need to provide an 'App Name' which is 'EnrolHQ' and the 'Description' which is 'EnrolHQ Single Sign On for Staff Dashboard'

pic4

e) Click "Download Metadata" to get the XML file containing the IdP Metadata which you will upload to EnrolHQ

pic5

d) Now open EnrolHQ in another dashboard and log-in as a staff member using your username and password with SMS 2FA. The first user account that is created in EnrolHQ needs to use username/password/SMS 2FA so you can login to add the SAML configuration.

Go to User Management > SAML Settings

pic6

Then Enable it (SAML) and put 'Google SSO' or 'Google Single Sign-On' as the IdP name and upload the Google Metadata XML file that was downloaded in Step E.

pic7

Don't forget to Save at the bottom.

e) Go back to Google and proceed to Step 3 which is the 'Service Provider' details. Copy and Paste the ACS URL from EnrolHQ User Management SAML Settings to the ACS URL inside Google. Copy and Paste the Metadata URL from EnrolHQ to the Entity ID field in Google.

pic8

f) Now finally go to Step 4 Attribute Mappings in Google - Add Custom SAML App. You will need to choose "Primary Email' from Google directory attributes and map that to "mail" on the App Attributes. Then hit "Finish"

pic9

As with Microsoft Azure AD and Cloudwork SSO services, you will need to make sure your users have accounts in the Google Admin.

Check in Directory > Users.

If these users are in Google and they have a matching user in EnrolHQ with the same email address then Single Sign On will work. Your users should click the link that shows up on the EnrolHQ login screen that says "Google SSO" or "Google Single Sign On" depending on what you put in Step D.

pic10

Mark Barrett

Managing Director

More like this

Educational

How-To: Use Google as SAML-based SSO for EnrolHQ Login

Educational

Getting your online enrolments system ready for 2025

Educational

Status Conversion Report

Educational

How To: Integrate EnrolHQ with Azure Active Directory SSO

Educational

How To: Integrate EnrolHQ with Studentnet Cloudwork to provide SSO

Educational

Re-open or Reset Application and Offer Forms

Educational

Enrolment Journey Cards to help you plan out your admissions process