Guide to Single Sign-on (SSO) Integration for admin and parent users

Modified on Wed, 4 Jun at 2:31 PM

Introduction

RollCall's Single Sign-On (SSO) integration is designed to streamline the user authentication experience for both staff and parents, while upholding enterprise-grade security standards. This guide provides an overview of supported standards, setup requirements, user experience workflows, and support options to help you implement SSO effectively within your environment.


Supported Standards

RollCall currently supports integration with SAML 2.0 compliant Identity Providers (IDPs). This ensures broad compatibility with widely used identity platforms and simplifies deployment for IT teams.


Availability and Access

SSO functionality is available to all RollCall clients, but typically works more seamlessly when used in conjunction with a student details API (TASS, Wonde, Sentral). It also delivers a consistent experience across both web and mobile interfaces.


Prerequisites for Implementation

Before initiating SSO integration, ensure you have an existing SAML 2.0-compatible identity provider (IdP) and that the RollCall user’s email address is passed as a SAML attribute (e.g., NameID or a dedicated email attribute) during authentication. This attribute must consistently match the email address (username) stored in the RollCall system for each user.
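The following pre-flight check is an added example, not RollCall code. It reads a SAML assertion captured from your own IdP and reports whether the email it carries (in NameID or an email attribute) matches a RollCall username. The attribute names, the sample assertion and the handling of case differences are assumptions; this guide does not state whether matching is case-sensitive, so case-only differences are reported separately.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumed attribute names that commonly carry an email; adjust to your IdP.
EMAIL_ATTRIBUTE_NAMES = {"email", "mail",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"}

# Constructed sample assertion (unsigned; diagnostics only, no signature check).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">a1b2c3</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>Jane.Parent@example.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_emails(assertion_xml):
    """Return (source, value) pairs for every email-like value in the assertion."""
    root = ET.fromstring(assertion_xml)
    found = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is not None and name_id.text:
        # Accept NameID only if it is declared as an email or looks like one.
        if name_id.get("Format") == EMAIL_NAMEID_FORMAT or "@" in name_id.text:
            found.append(("NameID", name_id.text.strip()))
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name", "") in EMAIL_ATTRIBUTE_NAMES:
            for value in attr.iterfind("saml:AttributeValue", NS):
                if value.text:
                    found.append((attr.get("Name"), value.text.strip()))
    return found

def check_against_usernames(assertion_xml, usernames):
    """Classify each candidate email as 'exact', 'case-only' or 'missing'."""
    lowered = {u.lower() for u in usernames}
    results = []
    for source, value in extract_emails(assertion_xml):
        status = ("exact" if value in usernames
                  else "case-only" if value.lower() in lowered else "missing")
        results.append((source, value, status))
    return results

if __name__ == "__main__":
    for row in check_against_usernames(SAMPLE_ASSERTION, {"jane.parent@example.edu"}):
        print(row)
```

An empty result means the assertion carries no email at all, which is the case to fix on the IdP side before requesting SSO setup.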


Security and Data Handling

RollCall prioritizes security in all aspects of SSO integration:

  • We use secure token exchange mechanisms and encryption to safeguard authentication flows.

  • Only essential attributes (specifically, the email address) are exchanged during SSO authentication.

  • All user data is securely hosted on our AWS infrastructure. No additional personal information is transmitted.


Technical Setup and Configuration

To configure SSO with RollCall, clients are required to provide the following information:

Supported IDPs include:

  • Microsoft Entra (formerly Azure AD)

  • Google Workspace

  • K12 Solutions

  • OKTA

  • ForgeRock

Other SAML 2.0 compliant providers may also be supported upon review.


User Authentication Workflows

RollCall supports multiple authentication workflows to suit diverse organisational needs:

  • SP-initiated SSO: Users start the authentication process through a dedicated SSO login button on RollCall.

  • IDP-initiated SSO: Users begin authentication on your Identity Provider’s portal and are redirected to RollCall upon successful login.

  • Hybrid Authentication: Users can choose between SSO and standard username/password login, enabling flexible access control.


Support for Mixed Authentication

RollCall supports heterogeneous authentication, allowing both SSO and traditional RollCall login methods to coexist. This is ideal for environments where not all parent users can authenticate through a centralised IDP, e.g. neighbours, grandparents, au pairs.


Cost and Future Developments

  • There are no additional costs for SSO integration. It is a standard feature available to all clients.

  • We are actively exploring support for additional protocols such as OAuth and OpenID Connect as part of our product roadmap. These protocols may require more complex integrations and will be announced as they become available.


Need Help?

If you have questions or require assistance with your SSO integration, please contact the RollCall support team via email to support@rollcall.com.au. 
