SAML SSO Integration

  • Last updated on July 12, 2021 at 8:01 AM

SAML stands for Security Assertion Markup Language. It is an XML-based open standard for transferring identity data between two parties: an identity provider (IdP) and a service provider (SP).

Identity Provider - Performs authentication and passes the user's identity and authorization level to the service provider.

Service Provider - Trusts the identity provider and authorizes the given user access to the requested resource.

SAML provides a single point of authentication, which happens at a trusted identity provider. SAML then transfers the resulting identity information to the service providers. This form of authentication ensures that the user's credentials are sent only to the IdP, never to the service provider.

SAML for Single Sign-on

MagicBox's SAML integration is used for single sign-on (SSO) and is connected with the different Student Information Systems (SIS) that support SHA-1. Here, MagicBox acts as the service provider and the district acts as the identity provider.

The district shares its Idp.xml with MagicBox, and MagicBox shares its sp.xml with the district. Both the district and MagicBox then upload the exchanged .xml metadata files to their respective servers. SAML SSO authentication involves two stages between the identity provider and the service provider: trust establishment (this metadata exchange) and the authentication flow.

Note: MagicBox can connect with multiple IdPs at the same time.

  • MagicBox has enabled a “Log in with SAML” button on the MagicBox login screen.
  • After clicking the "Login with SAML" button on the login page, the user selects their district from the drop-down menu.
  • The user is then automatically logged in to the MagicBox portal without being asked for authentication credentials (username and password) again.

Please note: SAML cannot be used for SSO without user rostering. Users can be rostered on the portal via the OneRoster 1.1 API, CSV, or SFTP sync methods.

SAML SSO process flow:

  1. The user tries to log in to MagicBox from the browser.
  2. MagicBox responds by generating a SAML request.
  3. The browser redirects the user to the SSO URL at the identity provider (Auth0).
  4. Auth0 parses the SAML request and authenticates the user, for example with a username and password. If the user is already authenticated on Auth0, this step is skipped. Once the user is authenticated, Auth0 generates a SAML response.
  5. Auth0 returns the encoded SAML response to the browser.
  6. The browser sends the SAML response to MagicBox for verification.
  7. If the verification succeeds, the user is logged in to MagicBox and granted access to the content they are authorized to view.
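As an added example (not MagicBox's or Auth0's code), the checks a service provider applies in steps 6 and 7 once the response's XML signature has been verified against the certificate from Idp.xml; the sample response, entity IDs, request ID and ACS URL are constructed placeholders, and signature verification itself is assumed to be done by a SAML library before this function runs.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; every URL and ID below is a placeholder, not a real endpoint.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1"
  InResponseTo="_req42" Destination="https://sp.example.test/saml/acs">
  <saml:Issuer>https://idp.district.example.test/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://idp.district.example.test/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>student42</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2021-07-12T08:00:00Z" NotOnOrAfter="2021-07-12T08:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test/metadata</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):  # SAML timestamps are UTC in this form
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, idp_entity_id, sp_entity_id, acs_url, outstanding_ids, now_iso):
    # Assumes the XML signature was already verified; returns the NameID or raises ValueError.
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != "urn:oasis:names:tc:SAML:2.0:status:Success":
        raise ValueError("IdP did not report success")
    # Accept only a response to a request this SP issued (step 2) and has not yet consumed.
    if root.get("InResponseTo") not in outstanding_ids:
        raise ValueError("unsolicited or replayed response")
    if root.get("Destination") != acs_url:
        raise ValueError("response was addressed to a different ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    a = assertions[0]
    for issuer in (root.find("saml:Issuer", NS), a.find("saml:Issuer", NS)):
        if issuer is None or issuer.text != idp_entity_id:
            raise ValueError("issuer is not the configured district IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= _ts(now_iso) < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion is outside its validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion was not issued for this service provider")
    outstanding_ids.discard(root.get("InResponseTo"))  # one-time use: blocks replay of this response
    return a.find("saml:Subject/saml:NameID", NS).text
```

The NameID returned is what the service provider then matches against its rostered users, which is why rostering must exist before SAML SSO can work.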
