SSO Integration Overview

Overview

The integration of Meshed Student Management System with Microsoft Azure Active Directory (Azure AD) enables Single Sign-On (SSO), allowing users (students and staff) to securely access the Meshed platform using their Microsoft 365 credentials and vice versa. This integration simplifies user authentication, enhances security through centralized identity management, and reduces login friction across systems.

This integration has the following benefits:

Seamless login experience with a single Microsoft 365 account.

Bidirectional user access: Meshed to Microsoft, or vice versa.

Reduced administrative overhead for account creation and password resets.

Improved security with multi-factor authentication (MFA) and conditional access policies from Azure.

Audit and compliance: access logs and user activity can be monitored centrally through Azure AD or via Meshed.

Key Features

This integration provides a seamless solution for the SSO requirements between the two platforms. Key features include:

Single Sign-On (SSO): Supports seamless authentication between the Meshed platform and Microsoft 365 using Single Sign-On (SSO). Users can access both platforms without the need to manage separate login credentials.

Meshed to Microsoft 365: Users can log in through the Meshed platform using their Meshed credentials and gain access to Microsoft 365 services.

Azure AD to Meshed: Users can authenticate via Azure Active Directory using their Microsoft 365 credentials to access the Meshed platform (if supported by the configuration).

Secure Authentication: Single Sign-On authentication is managed by Microsoft via industry-standard protocols such as OAuth 2, which allow delegated access.

Group Mapping:

The integration supports mapping Microsoft user groups to Meshed user roles (Staff and Student). Microsoft 365 user groups are retrieved via API and can be associated with the corresponding roles in the Meshed platform. This ensures accurate role assignment and access control based on group membership in Microsoft 365.

Not Supported: Mapping with Distribution Lists or Security Groups.

User Mapping:

The integration allows mapping Meshed users to Microsoft 365 users under their respective roles (Staff or Student). Microsoft 365 users are retrieved via API from the selected groups and can then be linked to corresponding users in the Meshed platform.

Auto Mapping Schedule: Auto-mapping can be scheduled separately for Staff and Students. It matches users based on identical First Name, Last Name, and college email (Meshed) with the Microsoft username.

Manual Mapping: Manual mapping is based on user role and selected groups. Microsoft users can be mapped to Meshed users via drag and drop.
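The auto-mapping rule described above, as an added example (not Meshed's own code): a link is made only when first name, last name and college email/Microsoft username all match one-to-one, and everything else is left for manual mapping. The record field names and the case-insensitive address comparison are assumptions of this example.

```python
from collections import defaultdict

def match_key(first, last, address):
    # Names must be identical (surrounding whitespace ignored). Comparing the
    # address case-insensitively is an assumption of this example.
    return (first.strip(), last.strip(), address.strip().lower())

def auto_map(meshed_users, ms_users):
    """Return (mapped, needs_manual).

    mapped: {meshed_id: microsoft_id} for unambiguous one-to-one matches.
    needs_manual: sorted Meshed ids with no match or an ambiguous match.
    """
    ms_index = defaultdict(list)
    for u in ms_users:
        ms_index[match_key(u["first"], u["last"], u["username"])].append(u["id"])
    meshed_index = defaultdict(list)
    for u in meshed_users:
        key = match_key(u["first"], u["last"], u["college_email"])
        meshed_index[key].append(u["id"])

    mapped, needs_manual = {}, []
    for key, meshed_ids in meshed_index.items():
        ms_ids = ms_index.get(key, [])
        # Never link one Microsoft account to several Meshed users, and never
        # link on a partial match: either case goes to manual review.
        if len(meshed_ids) == 1 and len(ms_ids) == 1:
            mapped[meshed_ids[0]] = ms_ids[0]
        else:
            needs_manual.extend(meshed_ids)
    return mapped, sorted(needs_manual)

# Constructed sample records (hypothetical field names and values).
MESHED = [
    {"id": "M1", "first": "Ana", "last": "Lee", "college_email": "ana.lee@college.example"},
    {"id": "M2", "first": "Ben", "last": "Ng", "college_email": "ben.ng@college.example"},
    {"id": "M3", "first": "Cy", "last": "Roy", "college_email": "cy.roy@college.example"},
    {"id": "M4", "first": "Cy", "last": "Roy", "college_email": "cy.roy@college.example"},
]
MICROSOFT = [
    {"id": "A1", "first": "Ana", "last": "Lee", "username": "Ana.Lee@college.example"},
    {"id": "A2", "first": "Benjamin", "last": "Ng", "username": "ben.ng@college.example"},
    {"id": "A3", "first": "Cy", "last": "Roy", "username": "cy.roy@college.example"},
]

if __name__ == "__main__":
    print(auto_map(MESHED, MICROSOFT))
```

Here M2 is held back because the first name differs, and M3/M4 are held back because two Meshed records claim the same Microsoft account.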

Role-Based Access: Ensures that appropriate access levels (e.g., student, staff, teacher) are assigned based on roles defined in Meshed.

Centralised Identity Management: Leverages Azure AD to manage account lifecycles, reducing administrative overhead and improving compliance.

Configurable: The integration provides configurable rules for syncing data, creating Microsoft accounts, setting up domains for Staff or Student users, and enforcing SSO login based on provider requirements.

Microsoft Account Creation: The integration can create Microsoft accounts automatically when Meshed user accounts are created for Students or Staff.

Auto Syncing: User information, including name and account status, is synced between the two platforms, including bulk user management in Meshed.

Audit Trail: Meshed maintains detailed logs and activity tracking for all integration actions, including user creation, updates to user details, account status, and user login events.

Setup

This integration requires Application Registration in Azure AD (Microsoft Entra ID), with access credentials to be recorded in Meshed. Providers must configure the necessary application and delegated permissions.

The Microsoft SSO utilises the OAuth 2.0 protocol for authorisation and uses Microsoft Graph API to manage user data and authentication flows, ensuring seamless Single Sign-On and data synchronisation.

Providers must have the appropriate Microsoft Office 365 subscription plans that support Azure AD features required for SSO, group management, and enterprise application setup. These features typically include Azure AD Premium P1 or P2 licenses to enable advanced identity management, conditional access policies, and integration with enterprise applications via OAuth 2.0 and Microsoft Graph API.

Pre-Requisite

Providers must have Meshed Student Portal and Staff Portal features to use this integration for students and staff, respectively.