Implementation Details
This document provides an overview of how Edlink's OAuth2 integration works, including key setup details, data requirements, and important considerations for successful implementation.
How the Integration Works
Edlink's OAuth2 integration allows schools and organizations to connect an external OAuth2-compliant authentication provider to enable secure access to connected platforms. This integration facilitates authentication and authorization but does not sync roster data.
Integration Workflow
- OAuth2 Provider Setup: Schools or organizations configure an OAuth2 provider (e.g., Google, Okta, Microsoft Entra ID, or AWS Cognito) to handle authentication.
- Edlink Connection: The OAuth2 provider is connected to Edlink as an authentication source.
- Enrichment: The OAuth2 source is linked to the primary rostering source (e.g., SIS, LMS, or CSV upload) to enable login for integrations associated with that source.
Requirements for Successful Integration
Seamless authentication depends on aligning user data between the OAuth2 provider and the primary rostering source. Below are the key requirements for successful integration.
Matching Email/Usernames
- Consistency Required: The email addresses or usernames from the OAuth2 provider must match those in the primary rostering source (e.g., SIS, LMS, or CSV upload). Mismatched identifiers will prevent successful authentication.
Primary Rostering Source
- Authentication-Only Role: OAuth2 cannot function as the primary source of data for Edlink. Rostering data (such as people, classes, and enrollments) must come from an external SIS, LMS, or flat-file upload.
- OAuth2 is used only as an authentication layer on top of the existing primary source.
Supported OAuth2 Providers
- Any OAuth2-compliant provider can be used, including:
  - Okta
  - Microsoft Entra ID
  - AWS Cognito
  - Custom OAuth2 providers
Key Considerations
- Secondary Source Requirement: OAuth2 is always used as a secondary source in Edlink integrations and cannot replace a primary rostering source.
- Testing & Validation: Ensure email addresses or usernames match between the OAuth2 provider and the primary rostering source before launching. Mismatched data will result in failed authentication.
- Security Best Practices: Choose an OAuth2 provider that aligns with your organization's security policies. Providers offering multi-factor authentication (MFA) are recommended for enhanced security.
- Scope Configuration: Configure the provider to request the appropriate OAuth2 scopes, such as:
  - openid for user profile access.
  - email to retrieve the user's email address.
  - profile for additional user data.
  - offline_access for refresh token support.
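One way to run the pre-launch check described under Testing & Validation, as an added example that is not Edlink's own code or tooling. It assumes both systems can export a CSV with an "email" column (a hypothetical layout) and uses constructed sample data; how Edlink itself compares identifiers is not stated here, so case-only differences are reported for manual review rather than treated as matches.

```python
import csv
import io
from collections import Counter

# Constructed sample exports; the "email" column name is an assumption.
ROSTER_CSV = ("email\nada.lovelace@school.example\nGrace.Hopper@school.example\n"
              "alan.turing@school.example\nAlan.Turing@school.example\n")
IDP_CSV = ("email\nada.lovelace@school.example\ngrace.hopper@school.example\n"
           "katherine.johnson@school.example\n")

def load_ids(text, column="email"):
    """Return the raw identifier values from one CSV export."""
    return [row[column] for row in csv.DictReader(io.StringIO(text)) if row.get(column)]

def normalize(identifier):
    """Trim whitespace and case-fold; used only to detect near-misses."""
    return identifier.strip().casefold()

def compare(idp_ids, roster_ids):
    """Classify each OAuth2-provider identifier against the rostering source."""
    roster_exact = set(roster_ids)
    roster_norm = Counter(normalize(r) for r in roster_ids)
    report = {"exact": [], "near_miss": [], "missing": []}
    for uid in idp_ids:
        if uid in roster_exact:
            report["exact"].append(uid)        # byte-for-byte match
        elif normalize(uid) in roster_norm:
            report["near_miss"].append(uid)    # differs only by case/whitespace
        else:
            report["missing"].append(uid)      # no roster record to link to
    # Roster rows that collapse to one identifier cannot be linked unambiguously.
    report["ambiguous_roster"] = sorted(k for k, n in roster_norm.items() if n > 1)
    return report

if __name__ == "__main__":
    for bucket, ids in compare(load_ids(IDP_CSV), load_ids(ROSTER_CSV)).items():
        print(f"{bucket}: {ids}")
```

Resolve every near_miss, missing and ambiguous_roster entry in the source systems before launch, since an ambiguous identifier could link a login to the wrong roster record.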
For additional assistance with OAuth2 setup, troubleshooting, or configuration, please contact Edlink support or your Customer Success Manager.