Single Sign-On (SSO)
Proud member of the InCommon Federation
Proud member of the InCommon Federation
What is Shibboleth?
Shibboleth is an open-source project that provides Single Sign-On capabilities and allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. Portfolium uses Shibboleth as a participating service provider in the InCommon Federation.
If your school is not an Identity Provider in the InCommon Federation, though still uses Shibboleth or SAML for SSO, please work with our implementations team to configure SSO for your school.
NON-InCommon Setup (SAML2)
Provide your Identity Provider (IdP) metadata via a link or XML file
Please email the XML file or a link to the file to [email protected].
Add our QA Service Provider (SP) metadata file to your configuration so we can test
against our QA servers
You can find our QA metadata file here: https://qa.ops.portfolium.net/sso/metadata
Once verified on QA, please add our PRODUCTION Service Provider (SP) metadata file to
You can find our PRODUCTION metadata file here: https://portfolium.com/sso/metadata
Request time to work with the implementations team to test
Please email [email protected] to set a meeting with your implementation lead and a Portfolium engineer to ensure everything was correctly configured.
Portfolium Shibboleth FAQ
What information does Portfolium retrieve from an Identity Provider?
Portfolium retrieves and uses the following attributes:
"eduPersonPrincipalName": Commonly a user's school email
"eduPersonAffiliation" or "roles": Type of user; student, faculty, alumni
"givenName", "FirstName", or "firstname": User's first name
"sn", "LastName", or "lastname": User's last name
"email" or "Mail": User's email (optional if eduPersonPrincipalName isn't the unique email)
"uid", "username", "employeeNumber", or "EmployeeNumber": User's unique user identifier
What does Portfolium do with the information it retrieves?
Portfolium authenticates existing user accounts and creates new ones if one does not exist for the provided eduPersonPrincipalName (EPPN).
Is the connection between the Identity Providers and Portfolium secure?
Yes, all information transmitted from the Identity Providers and Portfolium is secure over SSL.
How does Portfolium use the eduPersonPrincipalName (EPPN) if my school does not use the EPPN as a unique email?
When the eduPersonPrincipalName (EPPN) is not a valid email (rather a unique ID), the mail attribute can be used in addition to the EPPN to send a unique identifier along with the user's email.
We then link the unique ID from the EPPN as a "spoke" to the core Portfolium Identity. This allows us to have a link to the Portfolium Identity for future lookups even if the user changes their email or name.
What does Portfolium use the eduPersonAffiliation for?
Portfolium is utilized by students, alumni, and educators at each of its partner universities. The smart onboarding experience is customized depending on whether or not the user is a student, alumni, or faculty.
Therefore, the eduPersonAffiliation is used to categorize the user in the system as one of the above.
How does my IT team configure Shibboleth for Portfolium?
You'll need your IT team to update your attribute-filter.xml file with the following configuration...
Note: These are just guidelines, and not an exact guide. As example, sometimes the the afp: prefix will cause an error.
Also, depending on how the default relying party on your idP is set up, you may need a relying party entry:
Remember to replace YOUR_ENTITY_ID_HERE with your actual entityID.
Seamless integration with your LMS allows you to perform SLO and PLO assessment without any duplicate effort
Learn about Portfolium Assessment
Create intentional digital pathways for students to travel along, earn badges, and stay motivated and engaged (completion with a purpose)
Learn about Portfolium Badgelink