Single Sign-On (SSO)
Proud member of the InCommon Federation
Proud member of the InCommon Federation
What is Shibboleth?
Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. Portfolium uses Shibboleth as a participating service provider in the InCommon Federation.
If your school is not an Identity Provider in the InCommon Federation, though still uses Shibboleth or SAML for SSO, please work with our implementations team to configure SSO for your school.
Current InCommon Participants
InCommon Federation: Participant Operational Practices
NON-InCommon Setup (SAML2)
Provide your Identity Provider (IdP) metadata via a link or XML file
If you are new to Portfolium and setting up SSO for the first time, please email your file/link to your Project Consultant working with you on Technical Implementation.
If you are a current Portfolium user looking to update or edit your SSO configuration, please send your file/link to
[email protected].
Please add our PRODUCTION Service Provider (SP) metadata file to
your configuration
You can find our PRODUCTION metadata file here:
https://portfolium.com/sso/metadata
Portfolium Shibboleth Configuration
Required Identity Provider Attributes
Portfolium retrieves and uses the following attributes:
"eduPersonPrincipalName": Commonly a user's school email
"eduPersonAffiliation" or "roles": Type of user; student, faculty, alumni
"givenName", "FirstName", or "firstname": User's first name
"sn", "LastName", or "lastname": User's last name
"email" or "Mail": User's email (optional if eduPersonPrincipalName isn't the unique email)
"uid", "username", "employeeNumber", or "EmployeeNumber": User's unique user identifier
Authentication and Account Provisioning
Portfolium authenticates existing user accounts and creates new ones if one does not exist for the provided eduPersonPrincipalName (EPPN).
When the eduPersonPrincipalName (EPPN) is not a valid email (rather a unique ID), the mail attribute can be used in addition to the EPPN to send a unique identifier along with the user's email.
We then link the unique ID from the EPPN as a "spoke" to the core Portfolium Identity. This allows us to have a link to the Portfolium Identity for future lookups even if the user changes their email or name.
Is the connection between the Identity Providers and Portfolium secure?
Yes, all information transmitted from the Identity Providers and Portfolium is secure over SSL.
What does Portfolium use the eduPersonAffiliation for?
Students, alumni, and educators can utilize Portfolium at each of its partner universities. The smart onboarding experience is
customized depending on whether or not the user is a student, alumni, or faculty.
The eduPersonAffiliation categorizes the user in the system and provides a customized onboarding process.
Shibboleth Configuration Edits
You'll need your IT team to update your attribute-filter.xml file using the configuration guidelines below. IMPORTANT: Remember to replace YOUR_ENTITY_ID_HERE with your actual entityID.
Note: These are just guidelines, and not an exact guide. As example, sometimes the the afp: prefix will cause an error.
Also, depending on how the default relying party on your idP is set up, you may need a relying party entry:
Remember to replace YOUR_ENTITY_ID_HERE with your actual entityID.
Seamless integration with your LMS allows you to perform SLO and PLO assessment without any duplicate effort
Learn about Portfolium Assessment
Create intentional digital pathways for students to travel along, earn badges, and stay motivated and engaged (completion with a purpose)
Learn about Portfolium Badgelink
Unlock the full potential of your student success initiatives with Portfolium's all-in-one solution