Single sign-on - also known as SSO - is a widely requested feature for edtech applications. SSO allows users to sign into a third-party application by authenticating through a different platform. Usually, the platform providing authentication is frequently used by end-users and is a hub for online activity. In education, this hub is usually the learning management system that the school uses or an online portal that the school has integrated with, such as Clever or Classlink.
Building an SSO solution for an edtech app comes with some unique challenges. Here are five points you should keep in mind if you're trying to implement SSO into your own app.
1. There are many of platforms your users may be coming from.
Many websites offer different methods for users to authenticate through SSO (e.g. supporting logins through both Google and Facebook). This allows users to sign into the app regardless of platform they primarily use. The same concept holds true in edtech. There are a variety of platforms that schools use that support SSO. All of the major LMSs allow external apps to provide authentication through their SSO methods. Additionally, schools may want their apps to provide SSO options through SIS-integrated portals (e.g. Clever, Classlink, GG4L, etc.). The more options you provide to sign into your app, the more likely you will be able to meet the needs of any school that you want to work with.
2. There are different methods to support SSO, even for the same platform.
Most of the learning management systems in K12 and higher education provide multiple methods for third-party apps to authenticate users through their platforms. The primary ways these platforms support SSO is through their APIs or through the LTI® standard. Each district has their preferences about which method they request in their RFPs to edtech vendors. Making sure y0u can comply with the requests of your clients can help you win more deals and keep your schools happy.
3. It can be difficult to match up users to their schools.
While many learning management systems allow apps to see which school or district a user is coming from, not all do. For example, Google Workspace does not have the concept of organizing users by distinct schools, but rather Organizational Units (OUs). These OUs are rarely organized by schools, so it can be extremely difficult to determine which school a user who signs into your app is coming from. If you aren't prepared to handle these users, you may find yourself in a bind.
4. Some platforms require you to work with school admins to get the integration configured.
Several platforms require administrators to perform certain tasks in order to get an SSO integration up and running. For example, Canvas and Brightspace administrators must create and securely transmit developer keys to you if you want your app to be able to provide SSO and other integrated functions. To do this properly, you should provide detailed instructions to administrators and a secure method for the admins to send you the developer key IDs and secrets.
5. You should weigh the cost of buying vs. building an SSO integration.
While SSO generally works similarly across different platforms, actually building SSO integrations into your app can take a decent amount of time and effort. Each platform has its own quirks and not even all platforms support authentication through the standard OAuth 2.0 workflow. It can help to get your integrations up and running by working with a partner that has already built these types of integrations and who has a deep breadth of knowledge about these educational platforms. Working with an integration partner can help you better focus on the content and user experience of your own app.
If you're seeking out help in building out SSO integrations in your platform or want to know more about SSO in edtech, we would love to hear from you! Our team works with several edtech developers and educational publishers to support their own SSO integrations. We've done much of the heavily lifting in this space and can help you get up and running quickly. If you'd like to learn more, please message us at firstname.lastname@example.org to leave us a message at our support page.
Learning Tools Interoperability® (LTI®) is a trademark of the IMS Global Learning Consortium, Inc. (www.imsglobal.org)