Product: LaunchPad
Audience: ClassLink Administrator
ClassLink can become your 3rd party SSO provider for Google SSO by following these steps in the Google Admin Console. This will allow users to log into their Chromebooks using ClassLink instead of their Google credentials. If you need further assistance, please contact helpdesk@classlink.com.
1. Open your G Suite Admin Console at https://admin.google.com.
2. Click the Security option.
3. Click Set up single sign-on (SSO) for SAML applications.
4. Click the Download IDP Metadata button in the Certificate 1 field. This file will be needed in a later step. Keep the Google Admin Console open in a separate tab, as you will need to return to the console towards the end of this process.
5. In ClassLink, open up the ClassLink Management Console from My Apps
6. Single Sign-On -> SAML Console
7. In the SAML Console -> click Copy Existing in the top menu.
8. Click Copy for the G Suite entry.
9. Click the Tasks icon (…) -> click Edit from the drop-down menu.
10. Click metadata text, which is found underneath the Metadata URL input field.
11. Open the IDP metadata file that you downloaded from the Google Admin Console in a text editor (e.g. Notepad).
12. Copy the entire contents of the file -> paste it into the Metadata field of the ClassLink IDP Console.
13. Under Login URL, enter the appropriate URL based on your goal of having the camera automatically activated for QuickCard use or to have the ClassLink login page replace your Google login screen.
- To have the camera activated, copy and paste the URL below using the end portion of your custom ClassLink login URL (example below):
quickcard?school_code=DEMO&chromebook=1
Note: Replace "DEMO" with the end of your custom ClassLink URL.
- To have the ClassLink login page replace your Google login page (if your authenticate into ClassLink with AD credentials, copy and paste the URL below using the end portion of your custom ClassLink login URL (example below):
-
Note: This option is only available to schools that authenticate into ClassLink using Active Directory credentials.
-
DEMO?chromebook=1
-
Note: Replace "DEMO" with the end of your custom ClassLink URL.
14. Check the box for Use custom certificate for signing -> click the Create One button.
15. In the Consumer Service Url (post) field, replace yourprimarydomain.org with your school’s G Suite domain.
16. Click Update, to save all settings and return to the main listing of the ClassLink IDP Console.
17. Click the Tasks icon (…) again -> click Download IDP Certificate. You will need this file in a moment.
18. Click the arrow next to the G Suite IDP Metadata URL (middle column) -> click Copy IDP Single Sign On Service URL.
19. Return to the Google Admin Console’s Security section -> click on Set up single sign-on (SSO) with a third party IDP -> check the box for Setup SSO with third party identity provider.
20. Under Verification certificate -> click Choose File -> select the IDP certificate downloaded from the ClassLink IDP Console (file will be named idp_certificate.crt).
If you do not see Choose File -> click Replace certificate.
21. Click the Upload button.
22. In the Sign-in page URL field -> paste the IDP Single Sign On URL that was copied from the ClassLink IDP Console.
23. In the Sign-out page URL, paste in the following URL: https://launchpad.classlink.com/logout?customurl=CustomLoginURLCODE
Note: Not sure of your Custom Login URL? The login page URL is located in the ClassLink Management Console under Settings>Login Page. Copy that URL that is associated with your Domain. See image below.
Replace the highlighted text below with your Custom Login URL
Example: https://launchpad.classlink.com/logout?customurl=ABCDistrict
24. To apply these settings to only specific organizations, set the network mask to 1.1.1.1/32 in the network masks field. Do not check "Use a domain specific issuer."
Note: If you do not apply the network mask, all GSuite logins across your domain will be routed to ClassLink.
Note: If your authentication method into ClassLink is with Google credentials, you MUST set a network mask.
25. Click Save.
26. Click here for Phase 2. This phase is where you will configure your user and device settings for Chromebook logins.
Updated: May 2020