Updated: 3 months, 2 weeks ago
If your school uses Studentnet Cloudwork, you can now configure EnrolHQ SAML Settings to allow staff to log-in with their Cloudwork Account. Studentnet has their own Authenticator App with push notifications so MFA is handled via a phone app rather than SMS. They also have nifty features like geo-blocking logins, putting time-restrictions on logins to improve your security.
To get Cloudwork and EnrolHQ to play nice, follow the steps below:
Step 1: Go to Cloudwork Dashboard and Add a new SSO Service
Above: Click on 'Single Sign On' button. Below: 'Add new Service'
Now add "Custom SAML Service"
Step 2: Configure New Service Metadata
You will now see a screen like this where you can enter the fields
The fields are explained as per the below table:
Now click Submit and the Cloudwork side should be set up.
You will need to copy the Entity ID metadata URL for pasting into EnrolHQ.
Step 3: Configure EnrolHQ SAML
Inside EnrolHQ, you will need to login as a user with 'Admin' privileges (that is you have the 'Admin' role attached to your user). Then you will be able to go to User Management > SAML Settings in the main left hand menu.
Click Save and you will see the full set-up.
Step 4: Test and then Force SSO for EnrolHQ Users
As with Microsoft Azure AD, you will need to add users and/or groups to your Cloudwork SSO service for EnrolHQ before it will work. The user with the same email address already has to exist inside EnrolHQ too. There is no auto-provisioning of accounts (as that is a security risk). The 'Admin' in EnrolHQ needs to review the users inside EnrolHQ and make sure they are assigned to the correct roles. Once you test that the SSO works, you will need to go to the Users page and toggle 'Password Auth' to off so that those users cannot use their old EnrolHQ username/passwords anymore and must use SSO.
Conclusion:
Configuring EnrolHQ to use your school's identity provider whether it be Cloudwork, Azure, Okta or others is an easy way to improve your school's IT security posture. Not only does it make life easier for school admins to log-in but IT now has a way to centrally monitor, log and provision user accounts with the correct access privileges. At EnrolHQ we believe that security should be baked into the product as standard so SAML-based SSO authentication is available at no extra cost.
Just log-in as an 'Admin' and you will see the configuration page under User Management > SAML Settings. If you have any questions always feel free to contact us at support@enrolhq.com.au