Integration

SAML Guide

aPlus+ supports SSO authentication via SAML. This guide covers the configuration process and the information that is required.

Process

  1. aPlus+ provides the service provider information as the system is provisioned. An example of this is on the following page.
  2. The customer configures their IDP and provides aPlus+ with their metadata or the settings listed on the following page.
  3. aPlus+ completes the service provider configuration.
  4. Test the authentication process by accessing the aPlus+ URL.
  5. aPlus+ adds a test user to aPlus+ and tests the full authentication and aPlus+ login process.

Terms and abbreviations

  • SSO (Single Sign-On): Enables users to securely log into applications (such as aPlus+) using one set of credentials, which are not shared with the applications and are managed by a centralized IDP.
  • SAML (Security Assertion Markup Language): An open standard for transferring identity data.
  • IDP (Identity Provider): The service which users log into using their login credentials.
  • X.509 certificate: A digital certificate in the format defined by the X.509 standard for public key infrastructure (PKI) certificates. aPlus+ stores the public key, which is used to verify that the signed authentication information from the IDP can be trusted.

User Mapping

Each user must already exist in aPlus+. When they attempt to access the application they will be redirected to the IDP, where they authenticate and are then redirected back to aPlus+.

For the process to complete successfully, the user's aPlus+ user code field must match the NameID provided in the SAML response. Depending on requirements, aPlus+ can instead be configured to load the email address from the Email attribute of the SAML response (rather than the NameID); in this case the email address must match the aPlus+ user code value.
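As an added illustration of the matching rule above (example code, not part of aPlus+), the following Python resolves an aPlus+ user from a SAML Response in both modes: NameID against the user code, or the Email attribute against the user code. The Response, the user directory and the attribute name `Email` are constructed for the example; aPlus+'s actual attribute name and comparison rules (for instance case sensitivity) are not stated on this page and should be confirmed with aPlus+. Signature verification against the stored X.509 certificate is assumed to have succeeded before this step runs.

```python
# Added example (not aPlus+ code): resolve the aPlus+ user from a SAML Response
# using the two matching modes described above (NameID, or Email attribute).
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# aPlus+ Single Sign On URL (ACS URL) for the example tenant.
ACS_URL = "https://customer.aplusattendance.com/ssoauth/?type=saml"

# Constructed sample Response (unsigned, trimmed to the parts used here).
# In a real SP the IDP signature is verified with the stored X.509
# certificate before any of these values are trusted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    Destination="https://customer.aplusattendance.com/ssoauth/?type=saml">
  <saml:Issuer>http://www.okta.com/rybs2m2dQEYL7URl</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jsmith</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email">
        <saml:AttributeValue>jane.smith@example.edu</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed aPlus+ user directory keyed by user code. Both key styles are
# shown because, depending on configuration, either the NameID or the email
# address is what the user code must equal.
USERS = {
    "jsmith": "Jane Smith",
    "jane.smith@example.edu": "Jane Smith (email-keyed account)",
}


def extract_identity(response_xml, email_attribute="Email"):
    """Return (name_id, email) from the first Assertion; None where absent.

    xml.etree keeps the example dependency-free; production code should parse
    untrusted XML with a hardened parser such as defusedxml.
    """
    root = ET.fromstring(response_xml)
    name_id = root.findtext(".//saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    email = None
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == email_attribute:
            email = attr.findtext("saml:AttributeValue", namespaces=NS)
            break
    return name_id, email


def check_destination(response_xml, expected=ACS_URL):
    """True when the Response Destination equals the aPlus+ Single Sign On URL."""
    root = ET.fromstring(response_xml)
    return root.get("Destination") == expected


def resolve_user(response_xml, use_email_attribute=False, email_attribute="Email"):
    """Return the matching aPlus+ user code, or None when no user matches.

    Default mode: the user code must equal the NameID.
    Email mode (use_email_attribute=True): the user code must equal the value
    of the Email attribute and the NameID is ignored. An exact string match is
    assumed here; aPlus+'s real comparison rules are not stated on this page.
    """
    if not check_destination(response_xml):
        return None  # response was not addressed to this aPlus+ tenant
    name_id, email = extract_identity(response_xml, email_attribute)
    key = email if use_email_attribute else name_id
    if not key:
        return None  # the configured identifier is missing from the response
    return key if key in USERS else None
```

The two modes are mutually exclusive by design: in email mode a response whose Email attribute is absent, or carries a different attribute name than the one aPlus+ was configured with, resolves to no user rather than falling back to the NameID.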

aPlus+ Service Provider Information

Configure the IDP with the following details for aPlus+. The aPlus+ URL usually takes the form of customer.aplusattendance.com where customer is a unique subdomain for the customer.

Information                 Example
Single Sign On URL*         https://customer.aplusattendance.com/ssoauth/?type=saml
Issuer / Entity ID          https://customer.aplusattendance.com
(User) Start URL            https://customer.aplusattendance.com

* The Single Sign On URL may also be referred to as the ACS URL or Reply URL. If the IDP offers Recipient URL and Destination URL options, set them to the Single Sign On URL above.

Identity Provider Information

The customer can provide their IDP metadata (XML file), or the following configuration settings can be provided separately:

Information                 Example
SSO URL                     https://customer.okta.com/app/z9wHEcOv/RTo7Tetv/sso/saml
SSO Entity ID (Issuer)      http://www.okta.com/rybs2m2dQEYL7URl
X.509 Certificate           -----BEGIN CERTIFICATE-----
                            MIIDdDCCAlygTBzMC6r2h62QmQN7aLq+SGgU0StFUk9f3cwWIVaYextg8
                            … lines of data …
                            tFUk9f3cwWIVaYMIIDr2h62QmQN7aLq+SGgU0Sextg8dDCCAlygTBzMC6
                            -----END CERTIFICATE-----
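When the customer supplies an IDP metadata XML file instead of the individual settings, the three values in the table above are read out of it. The following Python is an added example (not aPlus+ code) that extracts the SSO URL for a chosen binding, the entity ID and the signing certificate from such a file and renders the certificate in PEM form. The metadata document is constructed for the example; its entity ID and SSO URL reuse the example values from the table, and the certificate body is the table's placeholder text, not a real certificate.

```python
# Added example (not aPlus+ code): read the IDP settings listed in the table
# above out of a SAML IDP metadata file.
import textwrap
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata. entityID and the SSO URL are the example values
# from the table above; the certificate body is placeholder text.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://www.okta.com/rybs2m2dQEYL7URl">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>
          MIIDdDCCAlygTBzMC6r2h62QmQN7aLq+SGgU0StFUk9f3cwWIVaYextg8
          tFUk9f3cwWIVaYMIIDr2h62QmQN7aLq+SGgU0Sextg8dDCCAlygTBzMC6
        </ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://customer.okta.com/app/z9wHEcOv/RTo7Tetv/sso/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://customer.okta.com/app/z9wHEcOv/RTo7Tetv/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text, binding=BINDING_POST):
    """Return {'entity_id', 'sso_url', 'certificates'} from IDP metadata.

    Raises ValueError when the document is not IDP metadata, has no
    SingleSignOnService for the requested binding, or carries no signing
    certificate, so a misconfiguration fails loudly at setup time.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    entity_id = root.get("entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor (SP-only metadata?)")

    sso_url = None
    for svc in idp.iterfind("md:SingleSignOnService", NS):
        if svc.get("Binding") == binding:
            sso_url = svc.get("Location")
            break
    if sso_url is None:
        raise ValueError(f"no SingleSignOnService with binding {binding}")

    certs = []
    for kd in idp.iterfind("md:KeyDescriptor", NS):
        # A KeyDescriptor with no "use" attribute covers both signing and encryption.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            # Metadata carries the bare base64 body; strip layout whitespace.
            certs.append("".join((cert.text or "").split()))
    if not certs:
        raise ValueError("no signing certificate in metadata")
    return {"entity_id": entity_id, "sso_url": sso_url, "certificates": certs}


def to_pem(b64_body):
    """Wrap a bare base64 certificate body in PEM armour at 64 columns."""
    lines = textwrap.wrap(b64_body, 64)
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"
```

Multiple signing certificates are returned as a list rather than collapsed to one, because IDPs publish two during a certificate rotation and the SP has to trust both until the old one is retired.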