Setting up SAML2 authentication with EdSmart

When you're ready for us to begin setup please email help@edsmart.com with the following:

  • Your school's SAML2 metadata
  • A test user for EdSmart

We will set up a custom SAML2 login domain for you.

Here is our SAML2 metadata for you to configure with our values: https://www.dropbox.com/s/gtnoz6bg0mwjixf/metadata.xml?dl=0

These are the 5 claims to send through when authenticating:

  • UserID
  • mail
  • givenName
  • sn
  • role


The 'role' attribute corresponds to the user's role at the school, which is typically an enumeration of Staff and Student. It's essentially to restrict EdSmart signons to staff members (i.e. those in the Staff role).

One thing you may encounter when sending through the role claim is that, if you use the built-in ADFS role claim, it will come through to us with a claim name of http://schemas.microsoft.com/ws/2008/06/identity/claims/role. We require the claim name to just be 'role', so you may have to create a custom ADFS rule.

To do so, you can edit the Role rule, click on the View Rule Language button, and copy the rule language to the clipboard. You can then create a custom rule, paste in the rule language you copied, and modify the fully qualified issuer type to just read 'role'.

Let us know if you have any issues with this: we can give you a call and talk you through it, or we can remote in via TeamViewer and help set it up.