SAML is a single sign-on protocol supported by various applications. Student Success & Engagement (SS&E) also supports SAML. Note that SS&E only supports service provider initiated SSO via SAML. IdP initiated SSO is not supported.
If you are an existing customer and your institution would like to move from another authentication method to SAML, please reach out to your CSM or Submit a request submit a support request for help
NOTE: If using Microsoft/ADFS, use Authentication via Microsoft Entra ID/Azure AD for SS&E authentication instead. We strongly recommend Entra/Azure authentication if available to you as it is fast, reliable, and typically does not require ongoing maintenance like ADFS.
- Watermark will provide SS&E metadata to the institution, which contains the information necessary to configure SS&E as a service provider.
- The institution must provide the following information to Watermark:
Note: If you are using SS&E and Next or a test instance you will need a separate service provider configuration for each one.- SAML Identify Provider (IdP). This is the brand and/or type of provider your institution is using
- SAML IdP metadata/url
- IdP endpoint
- IdP EntityId
- Attribute(s) that uniquely identify your users. This could be their email address, SIS identifier, or other attributes. These attributes are used to identify a single user account with the SS&E software. This is generally included on the Person data feed as the username or email address fields.
Additional Instructions
Please follow additional instructions if using Quicklaunch 8.
Please follow additional instructions if using OneLogin.
Multifactor Authentication
MFA as authentication is handled via the institution's authentication/SSO provider. For assistance, clients should reach out to their own IT team as this is not handled by SS&E.