This guide walks you through configuring Single Sign-On (SSO) between Microsoft 365 (Azure AD) and RollCall using SAML 2.0.

Overview

By completing this setup, your users will be able to:

• Log into RollCall using their Microsoft 365 credentials

• Avoid managing separate passwords

• Experience a secure and seamless login process

Before You Begin

Make sure you have:

• Admin access to Azure Portal

• Access to RollCall SSO Setup Wizard

• Your school’s RollCall domain (e.g. schoolname.rollcall.com.au)

⚙️ Step-by-Step Configuration (Azure AD)

Step 1 – Access Azure Active Directory

1. Go to: https://portal.azure.com

2. Navigate to:
   Azure Active Directory → Enterprise Applications

Step 2 – Create a New Application

1. Click New application

2. Select Create your own application

3. Enter a name (e.g. RollCall SSO)

4. Choose:
   “Integrate any other application you don't find in the gallery”

5. Click Create

Step 3 – Configure Single Sign-On (SAML)

1. Open your newly created application

2. Navigate to: Single sign-on

3. Select SAML

Step 4 – Basic SAML Configuration

In the Basic SAML Configuration section:

? These values are available in the RollCall SSO setup wizard.

Step 5 – Configure User Attributes & Claims

1. Go to User Attributes & Claims

2. Ensure the following is configured:

NameID

• Format: EmailAddress (recommended) or Persistent

• Source:

  user.userprincipalname
  

Important Note ⚠️

If your users’ UPN is NOT their email address:

• Add a custom claim:

  • Name: email

  • Source attribute: user.mail

This ensures RollCall can correctly match users.

Step 6 – Assign Users or Groups

1. Go to Users and groups

2. Click Add user/group

3. Assign:

   • Staff

   • Parents (if applicable)

? Recommended for testing:
Start by assigning only a single test user

Step 7 – Download SAML Metadata

1. Go to SAML Certificates section

2. Download:

   • Federation Metadata XML
     or

   • Copy the App Federation Metadata URL

Complete Setup in RollCall

Once Azure AD is configured:

1. Open the RollCall SSO Setup Wizard

2. Upload or paste your metadata XML / URL

3. Map required attributes (email, name, etc.)

4. Run a Test Login

5. Click Activate SSO

Testing the Integration

Before going live:

• Use a test account

• Confirm:

  • Successful login via Microsoft

  • User is matched correctly in RollCall

❗ Troubleshooting Tips

? Key Notes

• RollCall uses email address to identify users

• SSO must be activated after testing

• Each school’s configuration is isolated and secure

✅ Summary

By completing this setup:

• Users log in via Microsoft 365

• Authentication is handled securely via SAML

• Admins maintain full control through Azure AD

Here to link to:

• SSO - Setting up your SSO Integration