What We Need From You

Scope: What your IT team provides so users can sign in with your institution's single sign-on. CampusCore supports SAML 2.0 and OIDC.

---

Identity provider details

From whoever manages your identity provider (Microsoft Entra, ADFS, Okta, Google, and similar):

• Protocol - SAML 2.0 or OIDC.
• IdP Entity ID - the identity provider's identifier.
• IdP Metadata URL - the metadata endpoint, if available (optional but convenient).
• Sign-on URL (SSO URL) - where users are sent to authenticate.
• Sign-out URL (SLO URL) - where users are sent to log out.
• Signing certificate - the IdP's X.509 certificate, in PEM format.
• Attribute names - which claims carry the user's email, first name, and last name.
• Login button label - what the sign-in button should say, for example "Howard SSO".

Roles (optional, but recommended)

CampusCore can assign each user the right level of access automatically based on their group membership in your IdP. To enable that, also provide:

• Groups claim name - the exact claim that lists a user's groups, for example groups, member_of, or roles. Leave this out to skip automatic role assignment.
• Group values to map - the exact group values (short names for OIDC, full directory names like CN=Advisors,OU=Staff,DC=vsu,DC=edu for Active Directory) and which CampusCore role each should grant.
• Case sensitivity - whether your group values are case-sensitive. Active Directory groups usually are not; OIDC group names usually are.

---

Next: How It Works.