What is Single Sign-On (SSO) and how does it work in Purple Mash?
What is Single Sign-On (SSO)?
Single Sign-On (SSO) allows both staff and pupils to use their Office 365 or Google (GSuite) email address as their login, thereby using the the same password they already use for those services.
The benefit is that you do not have to remember separate passwords. All password resets and changes are handled by either their Office 365 or Google Account, not Purple Mash (although you can continue to also maintain your original username and password in Purple Mash).
To enable a school to use Single Sign-On, a school administrator must contact our Support team to request it to be enabled for their school account. A school can use Google (personal or GSuite) or Office 365 - or both. Below is an example of a sign-on box for a school that has enabled both:
What to know about using SSO with Purple Mash
Email Matching: A school admin must first input the relevant Office365 or Google email address in the school's Manage Users Dashboard in order for SSO to work. The first time a staff member or a pupil logs in with their Google or Office 365, a window will pop-up and ask them to authenticate via the relevant service. The email address of the Office 365 or Google login must match what is in Manage Users in order to match the pupil or staff member with their Purple Mash account. We do not store the login credentials (or even see them) when access is authenticated via SSO, but we do match the email address to the user within Purple Mash.
Password Changes: If a pupil or staff member changes their Office 365 or Google password (or is required to by their IT department), the next time they login to Purple Mash, they'll be prompted to input their relevant password again. Normally, unless a recent password change has taken place, Purple Mash will bypass the full login screen so that clicking on the Google or Office 365 Sign In button will take them straight into their Purple Mash account.
Class Assignments: Staff and pupils still need to be assigned to classes via the Manage Users Dashboard. SSO does not obviate the need for class assignments.
Role Designations for Staff: Purple Mash school administrators still need to designate staff roles (as either teachers or admins). SSO does not know by itself what rights or permissions a teacher has.
VLE (Virtual Learning Environments): If your school uses a VLE to access Purple Mash, we do not recommend also using SSOs within Purple Mash. Your VLE may permit using SSO so you may wish to contact them to find out more about that possibility.
Sample SSO Login Windows
When you first login to SSO (or after a password change), you'll see one of the following:
To Remove or Revoke SSO Access
For an entire school: Contact our Support Team to have us disable SSO access for your school account. A school administrator must be the person to contact us.
For an individual: Visit the following places to revoke SSO access to your school's Purple Mash account. (Depending on your access rights, if your Office 365 or Google account is managed by your school or your school's IT department, you may not have access to these areas).
- Google individual revocation: Visit https://myaccount.google.com/permissions, view Third-Party apps, and click Revoke Access:
- Office 365: Visit https://portal.office.com/account/#apps (App Permissions) and view the top where it says "You can revoke permission for these apps". Click Revoke at the bottom left of the Purple Mash box: