What happens if the identity provider is unavailable?

OpenEduCat maintains emergency local admin accounts that bypass SSO. For regular users, authentication depends on the IdP being available. We recommend high-availability IdP configurations for production environments.

Does LDAP integration support nested groups?

Yes. OpenEduCat resolves nested LDAP/AD group memberships when mapping roles. If a user belongs to a group that is a member of another group, both group memberships are considered for role assignment.

Is multi-factor authentication supported?

MFA is handled by your identity provider (Azure AD, Okta, Google, etc.). When users authenticate through SSO, they go through whatever MFA policy your IdP enforces. OpenEduCat respects the authenticated session from the IdP.

🔐

SSO & LDAP Integration

Enterprise EditionAuthentication

Centralize identity management with SAML SSO, LDAP, Azure AD, and Google Auth

Overview

Simplify access management across your institution by integrating OpenEduCat with your existing identity provider. Support SAML 2.0 SSO for enterprise single sign-on, LDAP/Active Directory for on-premise directory services, Azure AD for Microsoft environments, and Google OAuth for Google Workspace schools. Users sign in once and access OpenEduCat alongside other institutional systems without managing separate credentials. IT administrators control provisioning, role mapping, and access policies from a single directory.

Key Capabilities

SAML 2.0 Single Sign-On

Connect any SAML 2.0 compliant identity provider. Users authenticate through your institution's login page and are automatically signed into OpenEduCat.

LDAP/Active Directory

Authenticate users against your on-premise LDAP or Active Directory server. User accounts in OpenEduCat stay in sync with the directory.

Azure AD Integration

Use Azure Active Directory as the identity provider with automatic user provisioning based on Azure AD groups and roles.

Google OAuth

Allow students and staff to sign in with their Google Workspace accounts. Ideal for institutions using Google Workspace for Education.

Automatic User Provisioning

New students and staff are automatically created in OpenEduCat when added to the directory. Departures trigger account deactivation.

Role-Based Access Mapping

Map directory groups (e.g., "Faculty", "Students", "Admins") to OpenEduCat roles. Access permissions are maintained centrally in your directory.

Setup Guide

Choose Authentication Method

Select SAML SSO for enterprise IdPs (Okta, OneLogin, ADFS), LDAP for on-premise directories, Azure AD for Microsoft shops, or Google OAuth for Google-first schools.

Configure Identity Provider

Register OpenEduCat as a service provider in your IdP. Enter the OpenEduCat entity ID and assertion consumer service URL.

Install Auth Module

In OpenEduCat Settings > Authentication, install the appropriate module (SAML, LDAP, Azure AD, or Google OAuth) and enter the IdP configuration details.

Map User Attributes and Roles

Configure attribute mapping (display name, email, department) and map IdP groups to OpenEduCat roles (student, faculty, admin, parent).

Test and Enforce

Test login with accounts from each role. Once verified, optionally enforce SSO by disabling local password login for all users except emergency admin accounts.

Use Cases

Universities with existing Active Directory infrastructure that want single sign-on across all campus systems
K-12 districts using Google Workspace for Education that need students to log in with their school Google accounts
Institutions with compliance requirements (FERPA, GDPR) that mandate centralized identity and access management
Multi-campus systems that need a single directory to manage user access across all OpenEduCat instances

Technical Requirements

Identity provider supporting SAML 2.0, LDAP, Azure AD, or Google OAuth
OpenEduCat 4.0 Enterprise Edition
Network connectivity between OpenEduCat server and the identity provider
Administrator access to both the identity provider and OpenEduCat
SSL certificate for secure SAML assertions and LDAP over TLS

Student Management

Student information system software that keeps every record (academics, health, contacts, documents) in one place. SIS for K-12 schools and universities that gives staff accurate student data instantly and makes reporting effortless.

Campus & Hostel Management System

Manage hostel allocations, facility bookings, and maintenance from a single system linked to student records, fees, and timetables. Real-time occupancy and cost data for housing directors.

Payroll Management

Automate payroll for school staff — salary calculations, tax compliance, benefits, and payslips integrated with attendance and contracts for accurate, on-time payments every cycle.

Frequently Asked Questions

Yes. You can configure Azure AD for staff, Google OAuth for students, and keep local password login for external vendors, all active at the same time. The login page shows the appropriate options based on your configuration.

Enable SSO & LDAP Integration

Connect SSO & LDAP with OpenEduCat and simplify your institution's digital ecosystem.

See How It Works Talk to an Advisor

Try it free for 15 days. No credit card required.