WorkOS Docs Homepage
Integrations
API referenceDashboardSign In
Integrations

ClassLink

Learn how to configure a connection to ClassLink via SAML.

Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create a ClassLink SAML Connection, you’ll need the Identity Provider Metadata URL that is available from the organization’s ClassLink SAML instance.

Start by logging in to your WorkOS dashboard and browse to the “Organizations” tab on the left hand navigation bar.

Select the organization you’d like to configure a ClassLink SAML Connection for, and select “Manually Configure Connection” under “Identity Provider”.

A screenshot showing the "Manual Configure Connection" option in the WorkOS Dashboard.

Select “ClassLink SAML” from the Identity Provider dropdown, enter a descriptive name for the connection, and then select the “Create Connection” button.

A screenshot showing a ClassLink connection being created in the WorkOS Dashboard.

WorkOS provides the ACS URL, the SP Metadata link and the SP Entity ID. They are readily available in your Connection Settings in the Developer Dashboard.

The SP Metadata link contains a metadata file that the organization can use to set up the SAML integration.

A screenshot showing the Service Provider Details provided by WorkOS for a ClassLink connection in the WorkOS Dashboard.

In order to integrate you’ll need the IdP Metadata URL.

Normally, this will come from the organization’s IT Management team when they set up your application’s SAML 2.0 configuration in their ClassLink instance. Here’s how to obtain them:

Login to the ClassLink Management Console (CMC), click Single Sign-On and select SAML Console.

Click ADD NEW or COPY EXISTING. Copy Existing contains pre-configured SAML apps which need to be updated to fit your unique settings.

A screenshot showing where to select "Add Application" in the ClassLink console.

Edit the new application by click the three dots menu icon, and then selecting Edit.

A screenshot showing where to edit the ClassLink application.

Update the Metadata URL in the ClassLink application settings with the SP Metadata URL provided to you by WorkOS.

A screenshot showing where to enter the SP Metadata URL in the ClassLink application settings.

Under the “Attribute Mapping” section of the SAML app, map the following four attributes as shown below, and the select “Update”.

  • idLogin id
  • emailEmail
  • firstNameGiven Name
  • lastNameFamily Name
A screenshot showing how to input user attribute mapping in the ClassLink dashboard.

With identity provider role assignment, users can receive roles within your application based on their group memberships. To return this information in the attribute statement, map the groups in your identity provider to a SAML attribute named groups.

Finish role assignment set-up by navigating to the Connection page in the Organization section of the WorkOS Dashboard. Create connection groups referencing the group IdP ID. Then, assign roles to connection groups so users in those groups will automatically be granted roles within your application.

Copy the IdP Metadata URL from your ClassLink SAML settings and upload it to your WorkOS Connection settings.

A screenshot highlighting where the ClassLink Metadata URL is located in the ClassLink console.

In the Connection settings in the WorkOS Dashboard, click “Edit Metadata Configuration”.

A screenshot highlighting the "Edit Metadata Configuration" button in a Connection details view in the WorkOS Dashboard.

Paste the Metadata URL from ClassLink into the “Metadata URL” field and select “Save Metadata Configuration”.

A screenshot showing how to input the Metadata URL into the Connection in the WorkOS Dashboard.

Your Connection will then be linked and good to go!