Overview: Using SSO to sign in to Unifrog

In a nutshell

SSO allows students and teachers to login to Unifrog via their Google or Microsoft accounts, as well as by using their Unifrog usernames and passwords. It can make logging in much quicker! We do not charge for using our SSO integrations.

Getting started

Asking us to switch SSO on for your school/college

The teacher who is the lead contact at your school or college (known as the 'Unifrog champion') needs to ask someone at Unifrog to switch it on for you.

You can see who the Unifrog champion is at your school/college here.

The best way for the teacher champion to contact us is by email, or by sending us a message here.

Technical admin at your school/college giving permission

It is often the case that a user with admin permissions for your school / college's Google or Microsoft account needs to grant access for other users at your school / college to login to Unifrog with SSO.

You should find out by speaking to your technical team if this is the case at your institution.

If someone at your school / college tries to login with SSO before the admin has given permission, they'll see an interface like one of the two below (as you can see, these interfaces instruct you to send the admin at your school / college a request to grant permission. We cannot send this request to them for you).

The Google version:
And here's the Microsoft one:

How do I know if my school / college has SSO switched on?

When SSO has been switched on, all teachers see a pop up on their teacher homepage telling them that SSO is now enabled. Teachers can also see their school / college SSO status here. And - of course - you'll be able to sign in using SSO!

Creating new student and teacher accounts after SSO is switched on for your school / college

SSO does not change how new student and teacher accounts are created (this is still either by syncing with your MIS, or on Unifrog manually / by csv upload). However, when new student and teacher accounts are created after SSO is switched on for your school / college, these new students and teachers can choose to login to Unifrog using SSO without ever choosing a Unifrog password. They can pick a Unifrog password later if they wish, meaning they can also login using the username and password method.

 

Hosted Domain (Google) and Tenant ID (Microsoft)

What is a Hosted Domain / a Tenant ID?

These are IDs for your school's or college's Google or Microsoft account.

It is not necessary for SSO to work, but for an extra layer of security, we recommend that you supply us with your institution's Hosted Domain (Google) or Tenant ID (Microsoft).

If you do this, we will make it so that people with student or teacher accounts will only be able to use SSO with official email addresses for your institution. If they use a personal email address they will not be able to use SSO, but they will be able to use the normal username and password login method.

Where do you find your Hosted Domain / Tenant ID?

A member of your technical team will know what your Hosted Domain / Tenant ID is. Normally you will give us this information when we first switch on SSO for your school / college.

Microsoft IDs are a code, eg 'abf988bf-86f1-41af-91ab-2d7cd011db46', while Google Hosted Domains are website domains, eg 'school.com'.

What else is there to know about Hosted Domains / Tenant IDs?

On Unifrog a school can have up to two Hosted Domains; often one is used for student accounts, and another for teacher accounts.

Sometimes, but not always, all the schools / colleges within a single school or college group use the same Hosted Domains / Tenant IDs. Your technical team will know if this is the case for you.

You can choose to have us set up SSO without initially giving us your Hosted Domain or Tenant ID, and then we can add it later for you.

You can see whether you have a Tenant ID or Hosted Domain(s) added for you on your Unifrog setup page.

 

SSO FAQs
 

Do we need to register Unifrog as an app in Microsoft Azure?

No, you don't need to register Unifrog as an app in your Microsoft Azure environment.

Unifrog is a centrally hosted platform, and we manage the Microsoft SSO integration on your behalf. That means all technical setup is already handled. There's no need for your IT team to configure anything in Azure.

Some other platforms require each school or college to register their own app because they offer self-hosted or on-premise setups. Unifrog does not support self-hosting, so this step is not necessary.

If you want to restrict Microsoft SSO access to users in a specific Tenant, we can apply that restriction for you. Just provide us with your Tenant ID.

Two-factor authentication

For SSO, two-factor authentication is managed by Google or Microsoft, not by Unifrog, and it tends to be enabled as standard. Separately, for Unifrog's own username and password system, teachers can have two-factor authentication applied. If you already have a Unifrog teacher account you can find our guide about Unifrog's two-factor authentication for the username and password login method here.
 

Parent accounts and SSO

On Unifrog, parents can have their own dedicated sort of account which lets them: explore the platform like their child can, see opportunities particularly relevant for their child, and join live events for parents - see more here.

To create a parent account:

• First the parent's email address has to be added in the 'Parent / Caregiver email address' field on their child's Unifrog profile by the school
• Next the parent opens their own account on this page

Regarding parents and SSO:

• Parents can use SSO as well as the username and password method.
• Parent accounts are not tied to particular schools. So if a parent signs in using SSO, the Microsoft Tenant ID or Google Hosted Domain of their child's school is not relevant.

Problems logging in

If you're a teacher, you can check if your school / college has SSO enabled here.

If a student or teacher is having trouble logging in via SSO, it might be because their Google or Microsoft username is not the same as the one that exists on Unifrog. After you've updated the usernames on Unifrog, they should be able to login fine. Teachers can find guides on managing student accounts here, and guides on managing teacher accounts here.

What sorts of devices work with SSO?

SSO works on any device where the user can sign into the Google or Microsoft account that's associated with their Unifrog username.

So, if at your school/college people can only sign into their Google or Microsoft account using a school or college device, you won't be able to use SSO on personal devices. However you'll still be able to sign in via the username and password method (and you can reset your password if you can't remember it, or haven't chosen one yet!)

My school / college is part of group. Can we have SSO switched on in bulk?

Yes you can. You need to ask your Unifrog contact to do this for you. Your Unifrog contact will need to know if you use Google or Microsoft, and what your Hosted Domain(s) / Tenant ID is (including whether this is the same for each member of the group).