Element451

Element451 supports Single Sign-On (SSO) for both internal users (staff/faculty) and external users (students). This guide walks you through configuring SSO, managing metadata updates, and ensuring seamless authentication for your users.

If you're looking for guidance on enabling SSO or other authentication methods, visit our <a href="https://help.element451.com/en/articles/8569773-security-authentication-settings">Security + Authentication Settings</a> help article.

___________________________________________________________

To use your school's SAML2 SSO provider for either internal users (staff) or external users (students/contacts), you'll need to add your metadata to the SSO Authentication Settings:

- Settings &gt; Manage Users &gt; Security

Find the Appropriate User Type Section

- SSO must be configured separately for Internal Users (staff/admins) and External Users (students).
- On this page, locate the relevant section:
 - SSO Authentication for Internal Users
 - SSO Authentication for External Users

- Click the + Create SSO Authentication button.

- Paste your SSO Metadata URL or XML provided by your Identity Provider (IdP). <img src="https://downloads.intercomcdn.com/i/o/h9r2yo9x/1376179551/02a38ad998bfd4de747f27a5ad56/Note.png?expires=1740204000&amp;signature=ab1bea89de18e87e6889ebf5e24891802b838f07faf0eacbe7f8abb7fb271df9&amp;req=dSMgEMh5lIRaWPMW3Hu4gVFVopSHaUQRTVfrRCtIJ2A7Xq5%2FDXB6QamX6JCw%0AfA%3D%3D%0A" width="59" alt=""> If you're also prompted to enter a <code>single sign-on service provider URL</code>, please <a href="https://intercom.help/element451/en/articles/9717577-element451-live-support-access-assigning-seats" rel="nofollow noopener noreferrer" target="_blank">contact Element451 Live Support</a> for assistance.

Confirm that SSO is enabled for the user type(s) in Internal and/or External Authentication Settings.

1. Navigate to SSO Settings
 - Settings &gt; Manage Users &gt; Security
2. Find the Appropriate User Type Section
 - SSO must be configured separately for Internal Users (staff/admins) and External Users (students).
 - On this page, locate the relevant section:
 - SSO Authentication for Internal Users
 - SSO Authentication for External Users

3. Create a New SSO Configuration
 - Click the + Create SSO Authentication button.
4. Enter Metadata
 - Paste your SSO Metadata URL or XML provided by your Identity Provider (IdP). <img src="https://downloads.intercomcdn.com/i/o/h9r2yo9x/1376179551/02a38ad998bfd4de747f27a5ad56/Note.png?expires=1740204000&amp;signature=ab1bea89de18e87e6889ebf5e24891802b838f07faf0eacbe7f8abb7fb271df9&amp;req=dSMgEMh5lIRaWPMW3Hu4gVFVopSHaUQRTVfrRCtIJ2A7Xq5%2FDXB6QamX6JCw%0AfA%3D%3D%0A" width="59" alt=""> If you're also prompted to enter a <code>single sign-on service provider URL</code>, please <a href="https://intercom.help/element451/en/articles/9717577-element451-live-support-access-assigning-seats" rel="nofollow noopener noreferrer" target="_blank">contact Element451 Live Support</a> for assistance. 
5. Save your Configuration
6. Confirm that SSO is enabled for the user type(s) in Internal and/or External Authentication Settings.

Service Provider (SP) URL: If your IdP requires an SP URL before generating metadata, <a href="https://intercom.help/element451/en/articles/9717577-element451-live-support-access-assigning-seats" rel="nofollow noopener noreferrer" target="_blank">contact Element451 Live Support</a>.

- Service Provider (SP) URL: If your IdP requires an SP URL before generating metadata, <a href="https://intercom.help/element451/en/articles/9717577-element451-live-support-access-assigning-seats" rel="nofollow noopener noreferrer" target="_blank">contact Element451 Live Support</a>.

NameID Mapping: Ensure that the SAML2 <code>NameID</code> attribute is mapped to the <code>emailAddress</code> value in your IdP settings.

- NameID Mapping: Ensure that the SAML2 <code>NameID</code> attribute is mapped to the <code>emailAddress</code> value in your IdP settings.

For successful SSO login, the email address must match a <a href="https://help.element451.com/en/articles/2735199-adding-managing-internal-users">user account</a> in Element451.

- For successful SSO login, the email address must match a <a href="https://help.element451.com/en/articles/2735199-adding-managing-internal-users">user account</a> in Element451.

Learn how to add internal users to Element451 <a href="https://intercom.help/element451/en/articles/2735199-adding-managing-internal-users" rel="nofollow noopener noreferrer" target="_blank">here</a>.

If your SSO signing certificate is set to expire, you’ll need to update the certificate to maintain uninterrupted authentication. Element451 does not actively monitor your metadata for updates. Therefore, it’s important to remember to update your metadata when your certificate is renewed:

Work with your SSO provider to regenerate your SSO signing certificate. Once this is done, the updated certificate will be reflected in your metadata URL/file.

Navigate to Settings &gt; Manage Users &gt; Security.

Replace the current metadata with your updated metadata URL or file.

1. Work with your SSO provider to regenerate your SSO signing certificate. Once this is done, the updated certificate will be reflected in your metadata URL/file.
2. Navigate to Settings &gt; Manage Users &gt; Security.
3. Locate the expired authentication.
4. Replace the current metadata with your updated metadata URL or file.
5. Save your changes.

Configuring + Managing Single-Sign-On (SSO)

AI Resources

Blog

Webinars

Guides & White Papers

Ask Bolt Assistants for Help

Resources

Integration Guide

User Community

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Tickets

No access to tickets portal

English

url(https://downloads.intercomcdn.com/i/o/h9r2yo9x/647260/ec6eaf7040f22848ddf44a673866/3250bcd0c484fd5be98ba65322f5430a.png)

Overview

Configuration of SSO

Renewing Your SSO Certificate