Currently, 12Twenty offers two options for single sign-on integration with your system -- SAML and CAS. The 12twenty Implementation Team will help coordinate the SSO integration between systems. For other configuration options or 12twenty Proprietary SSO, please reach out to your 12twenty Implementation Manager.
Topics
Login Methods
12twenty supports SSO-only and Concurrent (SSO + Email/Password) login for students and career center users.
SSO-only login will bypass the 12twenty login landing page and will immediately redirect users from
Concurrent login will direct users to {your-site}.12twenty.com where they will then select SSO or Email & Password authentication.
SAML
In the past, 12Twenty has done SAML integrations with the following products:
- Shibboleth
- PingFederate
- SSO Easy
- Google SAML
- Azure
- For additional 12twenty & Azure integration support, please review this resource.
Integration with other SAML-based products may require extra service fees. To move forward with the SSO SAML integration with 12Twenty, we will need a few things from you:
Item | Details |
SAML EntityID | If you are a part of InCommon, we will use this to look up your metadata and connect |
SAML IdP Metadata | If you are not a part of InCommon, we will use this to connect instead of the above. Metadata can only be accepted as a URL. Metadata files are not supported. |
SAML Attributes | The SAML attribute(s) to be released to us (e.g. email address or student id) to match up students between systems. We prefer eduPersonPrincipalName (EPPN), urn:oid:1.3.6.1.4.1.5923.1.1.1.6, which is often an email address or student id. |
Testing Account | We will use this on our side to continuously test and monitor the SSO integration between our systems |
Sample Response | This will help us associate the authenticated user to the correct record in our systems. Please include the student identifier in the response. |
Accepted SAML Attributes
EPPN | |
Name |
Name |
UID | |
Name |
12twenty does not support other SAML Attribute values at this time. Please speak to your SSO Implementation Manager if you have any questions. You can reach the Onboarding & Implementation team at Onboarding@12twenty.com.
Pro-Tip: If your users have "vanity" email addresses, the SAML Attribute "MAIL" may not be appropriate.
InCommon Members
If you are a member of InCommon, you can look us up by our EntityIDs for our two environments:
Environment | EntityID |
Production | https://sso.12twenty.com/sp |
Stage | https://sso.stage-12twenty.com/sp |
Non-InCommon Members
If you are not a member of InCommon, no problem! You can find our metadata in the following locations:
Environment | Metadata Location |
Production | https://sso.12twenty.com/Shibboleth.sso/Metadata |
Stage | https://sso.stage-12twenty.com/Shibboleth.sso/Metadata |
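Before sending the Sample Response requested above, an IdP administrator can confirm that it is addressed to one of the 12twenty EntityIDs and actually releases EPPN. The following is an added example, not 12twenty's own code; the sample assertion and the `check_sample` helper are constructed for illustration, and the check does not verify signatures, so run it only on a sample from your own IdP.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EPPN_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"   # eduPersonPrincipalName (from this page)
MAIL_OID = "urn:oid:0.9.2342.19200300.100.1.3"  # standard OID for the mail attribute
SP_ENTITY_IDS = {"https://sso.12twenty.com/sp", "https://sso.stage-12twenty.com/sp"}

# Constructed, unsigned sample assertion; the user value is invented.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://sso.stage-12twenty.com/sp</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
                    FriendlyName="eduPersonPrincipalName">
      <saml:AttributeValue>homer732@school.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_sample(xml_text):
    """Return a list of problems in a sample assertion; an empty list means it looks usable."""
    root = ET.fromstring(xml_text)
    problems = []
    # The assertion must be scoped to the production or stage SP EntityID.
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if not audiences & SP_ENTITY_IDS:
        problems.append("audience is not a 12twenty SP EntityID")
    # Collect non-empty values per released attribute Name.
    released = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        vals = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                if v.text and v.text.strip()]
        released.setdefault(attr.get("Name"), []).extend(vals)
    eppn = released.get(EPPN_OID)
    if eppn is None:
        # Per the Pro-Tip, mail alone may not match users with vanity addresses.
        hint = " (only mail is released)" if MAIL_OID in released else ""
        problems.append("EPPN attribute not released" + hint)
    elif len(eppn) != 1:
        problems.append("EPPN must carry exactly one non-empty value")
    return problems

if __name__ == "__main__":
    print(check_sample(SAMPLE) or "sample looks usable")
```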
CAS
To move forward with the SSO CAS integration with 12Twenty, we will need a few things from you:
Item | Description |
Login Url | The location where the user will be redirected to when attempting to access 12Twenty |
ServiceValidate Url | The service that checks the validity of a service ticket and returns an XML-fragment response |
Logout Url | The location that will successfully log out the user from both systems |
User Identifier Examples | This is the unique id of the user that will allow the correlation of users between systems. Examples: homer732, bart.simpson@school.edu |
Testing Account | We will use this on our side to continuously test and monitor SSO integration between systems |
OIDC with Google and Azure Active Directory
12twenty's SSO integration includes the ability to use "Login with Google" and "Login with Microsoft." To use this service, please reach out to your Implementation Manager.
Additional resources for this configuration can be found here.