This guide walks you through configuring Single Sign-On (SSO) between ADFS and RollCall using SAML 2.0.
Overview
By completing this setup, your users will be able to:
Log into RollCall using their Active Directory credentials
Avoid managing separate passwords
Experience a secure and seamless login process
Before You Begin
Make sure you have:
Admin access to your ADFS Server
Access to the RollCall SSO Setup Wizard
Your school’s RollCall domain (e.g.
schoolname.rollcall.com.au)
⚙️ Step-by-Step Configuration (ADFS)
Step 1 – Open ADFS Management Console
Log into your ADFS server
Open:
Server Manager → Tools → AD FS Management
Step 2 – Add Relying Party Trust
In the left panel, right-click:
Relying Party TrustsSelect:
Add Relying Party TrustChoose:
Claims aware
Click Start
Step 3 – Select Data Source
Choose:
Enter data about the relying party manuallyClick Next
Enter:
Display Name:
RollCall
Step 4 – Configure SAML Endpoint
Select Enable support for the SAML 2.0 WebSSO protocol
Add the following endpoint:
| Field | Value |
|---|---|
| Endpoint URL (ACS URL) | https://konect-api-v2.rollcall.com.au/rollcall-sso/v1/acs/ |
| Binding | POST |
? This is the RollCall Assertion Consumer Service (ACS) endpoint.
Step 5 – Configure Relying Party Identifier
Add your school’s unique identifier:
Example:
bmgRollCallSSO
? This value must match what is configured in RollCall.
Step 6 – Configure Access Control Policy
Choose an access control policy, such as:
Permit everyone (recommended for initial setup/testing)
orRestrict to specific users/groups
Step 7 – Finish Setup
Complete the wizard
Ensure the relying party trust is created successfully
Configure Claims (Important)
After creating the trust:
Right-click your RollCall Relying Party Trust
Select Edit Claim Issuance Policy
Add the following claims:
| Claim Type | Mapping |
|---|---|
| Active Directory → E-Mail Address | |
| First Name | Given Name |
| Last Name | Surname |
? Ensure the email claim is present, as RollCall uses this to identify users.
Complete Setup in RollCall
Once ADFS is configured:
Open the RollCall SSO Setup Wizard
Enter your ADFS details:
SSO URL (ADFS endpoint)
Entity ID
Certificate
Map required attributes
Run a Test Login
Click Activate SSO
Testing the Integration
Before going live:
Use a test account
Confirm:
Successful login via ADFS
User is matched correctly in RollCall
❗ Troubleshooting Tips
| Issue | Likely Cause | Solution |
|---|---|---|
| Login fails | Incorrect endpoint | Verify ACS URL |
| User not found | Missing email claim | Check claim rules |
| Access denied | Policy restriction | Adjust access control policy |
| Authentication loop | Identifier mismatch | Confirm Entity ID matches RollCall |
? Key Notes
RollCall uses email address to identify users
Claims must include email, first name, last name
SSO must be activated after testing
Each school configuration is secure and isolated
✅ Summary
By completing this setup:
Users log in via Active Directory credentials
Authentication is handled securely via ADFS (SAML)
Admins maintain full control via ADFS policies
Here to link to:
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article