Microsoft Single Sign-On
Microsoft SSO can be set up in two ways:
1) User accounts are created in advance. When using this option, all that is needed is to pre-register users and switch on Microsoft SSO, OR
2) TypeTastic is set up in your Azure AD and user accounts are created on demand (auto-provisioned) at first successful login.
1) Microsoft login with pre-registered users
For Microsoft SSO to work without setup in Azure AD, user accounts with matching email addresses need to exist in TypeTastic. Roster your account with CSV upload or manually so that user records include students’ and teachers’ Microsoft email addresses either in the username or the email field.
Once the user accounts have been created, go to Login Settings and switch Login using Microsoft to enabled. In this case, you do not need to enter your Azure AD tenant ID in TypeTastic.
2) Microsoft login with auto-provisioning of user accounts
TypeTastic can be set up to create teacher and student accounts at successful login via Microsoft. TypeTastic reads the JobTitle attribute in the Azure response and assigns teacher role automatically if JobTitle value is Teacher. TypeTastic account administrator can upgrade users to teacher, school admin or account admin roles once the account has been created or you can create such user accounts in TypeTastic in advance.
Please follow these steps in TypeTastic and in Azure control panel to set up Microsoft SSO with auto-provisioning of user accounts.
Setup in TypeTastic
- Account administrator needs to add to TypeTastic all schools in the district that are included in the subscription and will use the resource. This is required so that teachers can pick their school at first login. Creating school administrators is optional.
- Scroll down to 'Login settings', swich Microsoft SSO on and enter your Azure AD TenantID.
- Go to your TypeTastic login page and sign in with your own credentials. Then go to your Azure AD control panel to continue.
Setup in Azure AD
TypeTastic uses OIDC to authenticate users and we are a publisher verified by Microsoft.
- Go to your Azure control panel and select 'Enterprise applications'. Search for TypeTastic; if you logged in with your Microsoft credentials, the application will show up in the list and you can configure it further and skip step 2. If it does not show up, go back to TypeTastic and sign in and it will appear.
- Click on TypeTastic and go to Properties. If your subscription is for the entire district, then you do not necessarily need to assign TypeTastic to users. However, if your subscription is for some schools only, you should set "User assignment required" to Yes and under Users & Groups, assign the app to the schools covered by the license.
- Check Permissions tab. If you have not already, you can at your option grant admin consent to TypeTastic on behalf of all users. Typing Master Finland Oy will be shown as the publisher of TypeTastic and has been verified by Microsoft.
- Ready. Student and teacher accounts now get created on demand when they start using TypeTastic and are successfully authenticated against your Azure AD tenant.
Important! Students need a class code to join
When auto_provisioining is in use and users get authenticated against your Azure AD tenant, students need a class code to join.
Classes should be the teachers themselves once they have successfully signed in and before students start to work with the application. Class code is created in class settings.
Teachers need to share the class code with students so that they can join their class. If a student does not have a class code, account will not get created and they will not be able to join their class and use TypeTastic.