Quick Start Guide

This Quick Start Guide helps you to start using SSO Passport quickly by providing you with some basic information. Links to more detailed information and instructions are included where appropriate. You may also open the User/Administrator Guide Table of Contents to browse a complete list of topics (opens in a new browser tab/window).


Note: This page contains numerous links to articles in the User/Administrator Guide that contain detailed information and instructions. These links include the notation "opens a new article" and clicking them opens the specified content in a new browser tab/window. This page remains open in the same tab/window so you will stay on your tab..

On a very basic level, getting started with SSO Passport involves the following five-step procedure:

  1. Signing In to SSO Passport and accessing the Admin Console: See Signing In to SSO Passport.

  2. Creating Organizations: Once you have accessed the Admin Console, you will be able to manage your Organization and create/manage sub-organizations. See Organizations.

  3. Creating User Accounts: In order to create user accounts, you need to populate Organizations with user account information. Each user will ordinarily be assigned to a Role and optionally a Group. See Users.

  4. Acquiring Resources (Catalog): The Catalog allows you to activate Resources (such as SSO,  Provisioning connectors, and RDI,  online courses and web applications) that students and teachers will use as part of the educational process. See Catalog.

  5. Configuring and assigning Resources: Once purchased or activated, Resources need to be assigned to Roles and/or users in order to make sure that the corresponding people can access and use those Resources. See Resources.

Step 1: Signing In to SSO Passport

To sign in to Edutone Passport and the Admin Console:

  1. Open a web browser and navigate to https://your_instance.edutone.net.

  2. Enter your contry, state ( the USA) or province (Canada) then in appeared  box below enter the name of your school or select your Organization from the list using the drop-down menu that appears.

  3. Enter username and password in the appropriate fields and then click Sign In.

After signing in, you can access the Admin Console by clicking the Admin Console link in the Toolbar.

To sign out of SSO Passport or the Admin Console, click the Sign Out button in the Toolbar. See Signing In and Out (opens a new article) for more information.

back to top


Step 2: Organizations

As described in Definitions (opens a new article), an Organization is an accredited educational or corporate institution that is configured to accessSSO Passport. Each Organization forms part of a hierarchical arrangement of parent and child Organizations. For example, a state Department of Education may be configured as a parent Organization with school districts configured as child Organizations. In this example, individual schools will then be child Organizations under their respective school districts. Please, see Architecture (opens a new article) for more information about Organization hierarchies. This section contains basic instructions for adding and editing an Organization, using the built-in web functions. Additional links open User/Administrator Guide articles, containing additional instructions.  

back to top

Adding an Organization (Web Form)

By default, at least one Organization will appear in the Admin Console My Organizations screen. There are two ways to add additional Organization(s):

  • Individually, using the web form. This method is usually the best if you only need to add one or a few Organizations.

  • In bulk by uploading a (CSV) file, as described in CSV Upload (opens a new article). This method is usually the best if you need to add multiple Organizations at once.

To add an Organization, using the web form:

NOTE. Administrator of org type as a school is not allowed to create new organization

  1. Select Org Admin>Manage Organizations, and click the Add Organization icon (plus sign) to open the Add Organization screen.
  2. Enter the appropriate information in each field, information about each field is shown in Add Organization
  3. Click the grey Add Organization button to finish adding the new Organization.

back to top

Adding Organization(s) (CSV File)

The CSV File Upload feature allows you to add multiple Organizations and sub-Organizations at once. To add Organizations using a CSV file:

  1. Select Org Admin>Manage Organizations, and then click the Upload CSV icon

  2. In the appeared Import Details screen you can either upload properly formatted  CSV file or click the Download Template link and select the Organizations template from the pull-down menu.

  3. The template has 12 columns of essential data corresponding to fields on the web form and you may add a necessary number of organizations by filling in all of these columns and save the completed CSV file.

  4. In the Import History screen, by clicking the Add File button you upload the file to the Admin Console.

SSO Passport will validate the uploaded file. If validation fails, a red Validation failed link  lists the specific error(s) that caused validation to fail. After editing  the inappropriately filled columns you can upload CSV file again.

See The CSV Upload Screen (opens a new article) for more information on validating and managing uploaded files.

back to top

Editing an Organization

To edit an existing Organization:

  1. Select Org Admin>Manage Organizations and then click the name of the Organization you want to edit in the Update Organization screen, where you modify the Organization and then click the Update Organization button to save your changes
  2. Select Org Admin>Manage Organizations and then click the name of the Organization you want to edit to open the Update Organization screen.

  3. Modify the Organization as needed, and then click the Update Organization button to save your changes and return to the previous screen.

Please see Editing an Organization (opens a new article) for more information.

back to top

Managing Administrators

In OrgAdmin tab you choose the Organization for which you will manage administrators. You click the Manage Administrator Link for respective Organization.

In Manage Administrator pop-up window you can:

  1. See the list of Assigned Administrators. Unassign button is located next to each Administrator.
  2. See the list of existing users’ accounts and every user can be assigned as an administrator.

Select an Administrator for the Organization as described in Managing Administrators (opens a new article).

back to top

Creation of Super Admin by Sys Admin

The Roster Data Integrations tab and the ability to activate RDI Products from the Catalog are available only to those School Admins who are designated as “Super Admins” by Sys Admin. An Org Admin can become a Super Admin and it can be done by Sys Admins within the Org Admin tab in menu.

back to top

Deleting an Organization

In OrgAdmin tab  you can tick the checkbox of chosen organization and click Delete button

NOTE. All users of chosen organization(s) will automatically be deleted. Administrator is not allowed to delete own organization.

back to top

Step 3: Users

Users are all of the people who utilize SSO Passport at all levels, including Administrators, teachers, non-teaching staff, students, or parents. Teachers, staff, students and parents are also sometimes referred to as end users, because they utilize all of the educational tools available on SSO Passport without necessity of  having Administrator’s privileges.

This section contains basic instructions for adding and editing Roles, Groups, and users. Additional links open User/Administrator Guide articles containing detailed instructions:

back to top

Creating Roles and Groups

The Admin Console allows you to assign and configure resources on both a Role and Group level. Roles and Groups allow you to sort users in a desirable way for your Organization(s). Every organization have own set of standard Roles like Teachers, Students, Parents etc.

For example, you can create a Role called Teachers and then create Groups for Math, Language, Arts, Science, etc. Alternatively, you can create a Role called Algebra 1 Teachers and then create groups called Washington High School, Lincoln High School, etc. Creating Roles and Groups is an essential step to assign Resources to users, thereby allowing them to access and use those Resources. For example, you can assign a mathematics course to the Math Group in the first example or to the Algebra 1 Role in the second example.

To add a Role (Premium subscription only):

  1. Select Resources and then click the Add Role button to open the New Role popup.
  2. Select the Organization to which the Role belongs, enter a unique name for the Role in the Role Name field, and then click OK to close the popup window and return to the Passport Configuration screen.

There are two ways to add a Group (Premium subscription only):

On Resources tab you click on Add Group button then system will redirect to Users>Groups Screen then click Add Group link and fill out all corresponding fields. Or you can go to Users>Groups Screen click Add Group link and fill out all corresponding fields. Newly created group is displayed in Users screen.

See Creating Groups (opens a new article).

back to top


Manual Adding Users

Add users in the Admin Console before assigning Resources to use:

1.  Use the Add User screen (Web Form).

To add an individual user, using the Admin Console Add User screen:

  • Select Users>Users to open the Users screen, and in the Add User(s) section click the Single icon (person) to open the New User screen.

Enter the user's information in this screen, make sure to assign the new user to the corresponding Organization, Role, and/or Group.

If you leave the Username and Password fields blank, SSO Passport system will automatically generate these values for the Organization to which you are adding the user. (see Adding an Organization (Web Form);

  • Click Submit to finish adding the new user and return to the Users screen.

See Adding Users (Web Form)  for more information about adding individual users via the Admin Console web interface (link opens a new article).

back to top

Viewing/Editing a User

To edit user's information click the name in the Users screen and in the Update User screen user’s current information will be displayed. Edit this information as necessary and then click Submit to save your changes. See Viewing/Editing a User (opens a new article).

back to top


CSV upload

Select Users>CSV Upload to open CSV Upload Screen. In CSV Upload Screen you choose Organization and Data Model in drop-down menu.

Then you click Add files to upload your CSV file. If you don’t have CSV files or they are not properly formatted you click Download Template. Csvtemplates.zip archive file contains CSV files to bulk-add  different groups of users such as: Students, Non-Students , Groups , Enrollments (to map student users to Groups).

Click the Validate and Upload button. As a result of validation on the specified file(s) you will  either see Validated and Uploaded message for every successfully uploaded file or

Validation failed message with indication of any validation error(s) of the uploaded file(s).

Click the Reset button to correct the error(s) and upload again.

Click the Verify Changes button to verify the number of items that will be added, removed, and/or updated.

The validation is performed and then changes are displayed in the CSV Upload screen (additions, deletions, and/or updates). Click the down arrow to see the changes list .

Verify the necessary change(s), and then click the Commit to Production button to finalize the changes.

The Version History includes  the following information for each CSV file that has been uploaded to SSO Passport: Version ID, Commit Date and Time, Committed by, Status.

Click Download button in the Version History table to download the original CSV file in compressed (ZIP) format and save it to the specified location on your computer or local network.

See The CSV Upload Screen (opens a new article).

back to top

Active Directory Sync

The Admin Console enables synchronization with Microsoft Active Directory and creating user accounts based on their memberships in Active Directory Organizational Units and/or Groups. To configure AD Sync and set up mappings among OUs/Groups and SSO Roles/Groups use the admin console:

Select Users>Active Directory Sync to open the Active Directory Synchronization screen.

Choose server or click the Add Server button and then fill in the UI form to establish synchronization. The list of available servers appears once the connection is set up.

Use the Server pull-down menu to select the server you want to use for authentication and then click the Add Mapping link.

The mapping UI allows you to browse the structure of your AD server, select required OU(s) and Group(s), and map them to Roles, Groups and grades within the selected Organization(s).

Once mapping is set up, users will be able to login into SSO Passport, using their AD credentials.

See Synchronization with Microsoft Active Directory (opens a new article) for more information The Active Directory Synchronization Screen

back to top

API sync

Organization admin can set up synchronization with third party application to consume data from application both in PowerSchool SIS and  xPress Roster Data formats.

Select User>API Sync to open API Sync screen.Your organization is displayed in Organization drop-down menu by default or you can choose another organization from the drop-down menu.

For chosen Organization you can either synchronize with PowerSchool Student Information System or xPress Roster Data format.

After choosing API Sync Type you click Add API Sync button after that will open Configurations screen. Every Sync Type has own set of configuration parameters to fill in. After saved configuration you must set up organization's mapping (click Mapping button) and click Run Sync button.

For more detailed information see Power School SIS and xPress Roster Data format.

back to top


System Administrator is now able to generate SFTP credentials for customers to upload roster data in CSV file format. Administrator is able to define the data format to be uploaded to an SFTP server as a part of credentials generation process.

Select Users>SFTP to open SFTP Import screen. Your organization is displayed in Organization drop-down menu by default or you can choose another organization from the drop-down menu.

Fill in Import Configuration fields : Data Schema (you choose applied data schema for your organization to upload CSV file(s), Critical changes level (you define the range of approved critical changes), Email for notifications (you indicate your email address)  and choose Status: Active or Inactive, then click Save button

Click Add SFTP User link to open SFTP User screen. Fill in the following fields: Username, Password, Allow Connect From and then click OK button. If you skip Allow Connect From field, user will be allowed to access SFTP server from any IP address and if you want to limit user’s access to SFTP server by particular IP address you need to indicate it according to CIDR method.Choose Status: Enabled or Disabled and then click OK button.

back to top


G Suite Sync

G Suite configurations

  1. General settings tab

    Select Users > G Suit Sync

    In G Suite Sync screen choose Organization from drop-down menu which will use G Suit Sync.

    Fill in Domain field, indicating the domain of your organization (e.g.my.domain.com) and choose synchronization mode from Sync Mode drop-down menu. Synchronization can be done in 3 modes: import (data from Google Domain will be imported to SSO Passport ), export (data from SSO Passport will be exported to Google Domain) , import & export (data will be imported and exported in both directions )

    Also you can choose an option Enable "Login with G Suite" for SSO Passport users (button "Login with Google” will appear on SSO Passport  login page for Organization’s Users).

    Authorize API Authentication by clicking Authorize button.

    Click Save button to save configuration.

    To revoke/deactivate synchronization click “Revoke” button .

    Tabs will appear in left side of the window: Org Units, Users, Sync

  2. Org Units tab

    On Org Units tab you see a table with 3 columns: G Suite Org Units – list of organizations units from your Google Domain, Import / Export – icons that represent synchronization mode,

    SSO Passport Organization – organization from SSO Passport  that is linked with Org Unit from Google.

    To import all organization units from Google Domain as new to SSO Passport  click on  +All As New link(on the top of the table).

    For link Org Unit withSSO Passport  organization just choose appropriate organization in drop-down menu above Org Unit in the table.

    To import any Org Unit as new organization into SSO Passport  choose New in drop-down menu opposite Org Unit in the table.

    Approve changes by clicking “Save” button.

  3. Users

    This tab is used for managing filter rules and mapping attributes for G Suite synchronization.

    3.1. Filter Rules

    Filter rules allow to exclude sets of users with specific attributes.

    Every organization, that is mapped in Org Units tab, has a system filter rule that allows import of users from specific Google OU. This filter can not be edited.

    To change priority for manually created item just drag & drop it for higher or lower position in the list. Priority depends on position. You can not change position  for default rules and mappings.

    Every filter consists of:G Suit attribute name, Condition, Match expression and Status.

    New rule creation:

    0) Click button “Add Filter”.

    1) Column “G Suit Attribute name” contains a drop-down menu with Google user attribute names.

    2) In this drop-down menu you can choose condition that will apply to match expression.

    3) This field must contain expression that will be used for filtering users during synchronization.

    4) Final outcome of filtering allows or disallows users to be imported.

    5) To save and apply rule click “Save” button.

    6) To delete rule click “trash” icon.

    3.2 Attributes Mappings

    Attribute mappings is used to populate passport users with additional attributes (role, user type, student's grade) based on their membership in Google groups.

    Every organization, that is mapped in Org Units tab, has a system attribute mapping that sets organization according to the OU, default role in Passport (GoogleUser) and default user type (STAFF). This attribute mapping can not be edited.

    Every attribute mapping can set one or more attributes to user. Such as:Organization, Passport Role, User Type, Grade.

    At the same time every attribute mapping must have at least one filter. Every mapping set can obtain a few rules. At the same time every attribute mapping must have at least one filter.

    Creation of new mapping set:

    0) Click button “Add Mapping Set”.

    1) Column “SSO Passport Organization” contains a drop-down list with organization names.

    2) Choose a role from a drop-down list in column SSO Passport Role.

    3) Choose a user type from a drop-down list in column User Type.

    4) Choose a grade from a drop-down list in column Grade.

    5) To save and apply rule click  “Save” button.

    6) To delete rule click “trash” icon .

    Every mapping set can obtain a few rules. Rules are managed in the same way as it’s described in New rule creation.

    NOTE: all new rules/mapping will be applied for new synchronizations that are launched after filter/mapping creation. These created or deleted rules/mapping will take effect in the next synchronization. It means that deleted rule/mapping will be ignored during the next synchronization

  4. Sync tab

    Synchronization automatically starts at 1 A.M. every day. To start synchronization manually click link “Sync Users” In Sync tab.  To view details for all current and previous synchronization click link “View” in “View details” column.

    NOTE: In export/import and export mode users will be transferred to Google Domain automatically after they have been created in Users tab in SSO Passport  or after CSV upload to SSO Passport , if user email domain complies with domain which you established in step 1 (during G Suit configuration)

    For example: If Domain is  test.domain.com, email should be: user@test.domain.com

    NOTE: Push notification for google sync functionality allows to follow and process user’s events that come  from Google when user's account is created or updated (deleting events is not implemented at the moment). Passport starts to follow users’ events after first synchronization was launched.

back to top

Step 4: Catalog

The Catalog is where you search for and purchase (or activate) Resources for usage by the users in the Organization(s) you administrate (see Catalog; opens a list of articles). The Catalog screen lists the available Resources that can be activated for your Organization or sub-Organization.

SchoolMessenger Passport is available in two versions:

  • Standard: At this level, Organizations (such as schools) may activate an unlimited number of standard Resources.
  • Premium: Organizations may activate an unlimited number of both standard and premium Resources.

back to top

Activating Resources

To activate a Resource:

  1. Select Catalog to open the Catalog screen.

  2. Click the Add to Resources button for the Resource you want to activate. This opens the Product Details screen for the selected Resource with the Add to Resources tab selected.

  3. Click the Add Organization(s) button to open the My Organizations popup and check the Organization(s) for which you want to activate the Resource. Click Submit when you have finished making your selection(s).

  4. Check the checkbox to indicate that you have read and agreed to the Terms and Conditions for the selected Resource.Click the Add to Resources button.

The selected Resource appears in the Passport Configuration screen for the selected Organization(s). See Resources and The Passport Configuration Screen (opens a new article).

back to top

Step 5: Resources

This section contains basic instructions for adding and assigning Resources, using the built-in web functions. Additional links open User/Administrator Guide articles, containing additional instructions.

back to top

Configuring SSO and Provisioning Connectors

Once you have added a Resource, you must then assign it to one or more user Role(s) and/or Group(s) in order to grant them access to that Resource. SSO and Provisioning Connectors may require additional configuration. To configure an SSO or Provisioning Connector:

  1. In Resources tab > Passport Configuration screen, locate the SSO or Provisioning Connector that you want to configure, check the checkbox at the top left of that Resource, and then click the Configure link at the top of the Services section to open the Properties screen for the selected SSO or Provisioning Connector.

  2. Configure the SSO or Provisioning Connector as described in the documentation included in that Resource.

  3. Click Save at the bottom of the Properties screen to save your changes and return to the Passport Configuration screen.

back to top

Adding and editing a Bookmark

A Bookmark is a URL or other Resource that is publicly available as a hyperlink to a web page. The Admin Console allows you to add a Bookmark for folders, users, Roles, or Groups within an Organization.

  1. In Resources tab > Passport Configuration screen,, select the Organization for which you want to add the Bookmark using the Organization pull-down menu and then click the Add Bookmark button in the Service table.

  2. Enter a name and the complete URL to the Bookmark in the appropriate fields, add an image (if desired), and then click OK to finish adding the Bookmark.

back to top

Assigning Resources/Bookmarks

To assign one or more Resource(s) and/or Bookmark(s) to one specific user, Role, or Group within the Organization:

  1. Select the Organization for which you want to add the Resource(s) or Bookmark(s), and then select the user, Role, or Group to which you want to assign the Resource(s) or Bookmark(s).

  2. Locate the Resource(s) or Bookmark(s) that you want to add.

  3. To assign the selected Resource(s) or Bookmark(s) to a single user Role or Group, click the Assign link. To bulk-assign the Resource(s) or Bookmark(s) to multiple user Roles/Groups, see Bulk-Assigning Resources/Bookmarks (opens a new article).

  4. Select the folder in which you want to place the selected Resource(s). You may also have to enter some additional information, such as selecting the Application Role in third party application will be assigned.

Individual end users or end users who belong to the selected Role or Group will now be able to access and use the assigned Resource(s) when they log into SchoolMessenger Passport.

See Assigning Resources/Bookmarks and Bulk-Assigning Resources/Bookmarks (links open new articles).

back to top


A large Organization or hierarchy of Organizations may find themselves with many different users, Roles, or Groups that each need access to the same Resources. Conversely, they may have Resources that need to be made accessible to numerous Groups and/or Roles. Syndication eliminates the need to repetitively enter the same configurations to achieve the needed results by allowing you to:

  • Create a single set of folders.
  • Assign a set of Resources to that folder.
  • Copy the folder and its contents (and the configuration settings for those contents) to numerous users, Groups, or Roles at once.

You may syndicate one or more folder(s) to selected users, Roles, or Groups, across your Organization or across the sub-Organizations underneath yours, if any (see Syndication). You may also syndicate Resources across one or more Organizations.

back to top

Removing Resources

Remove a Resource when one or more of the user Groups and/or Roles no longer needs access to that Resource. The Resource remains activated; if it is a paid Resource and your Organization has a Standard subscription, then the Resource still counts toward your limit of five (5) paid Resources.

To remove a Resource:

  1. Select Resources to open the Passport Configuration screen.

  2. Use the Organization and User Roles & Groups pull-down menus to select the specific user Group/Role from which to remove the Resource.

  3. In the Group/Role section, locate the Resource(s) that you want to remove, and then check the checkbox(es) at the top left of the Resource(s).

  4. Click the Remove link.The Confirm popup appears.

  5. Click OK to confirm the removal

back to top

Deleting Resources

Deleting one or more Resource(s) permanently removes the selected Resource(s) from the Passport Configuration screen. The affected Resource(s) can no longer be accessed by any users. This is a permanent action. If you deleted a Resource than you can activate it from catalog repeatedly.

To permanently delete one or more Resource(s):

  1. Select Resources to open the Passport Configuration screen.

  2. In the Group/Role section, locate the Resource(s) that you want to delete, and then check the checkbox(es) at the top left of the Resource(s).

  3. Click the Delete link. The Confirm popup appears.

  4. Click OK to confirm the deletion.

back to top

Pre-population of Connectors with third party service credentials

Third party service credentials can now be imported in bulk. An Org Admin can upload credentials in CSV file format using the "CSV Upload" tab and selecting the relevant data scheme.

back to top

Configuring Roster Data Integration

For educational Organizations, the Roster Data Integrations screen allows you to:

  • View Roster Data Integration services (activated from the Catalog, as described in Activating Resources and  Adding a New links open new articles) for Partners or Ecosystem Partners that can access your roster information, using API calls.
  • Manage access permissions for each service.
  • View access history for each service.
  • Activate/deactivate service access to roster data

Clicking Manage Permissions for a service opens the Manage Permissions popup for that service.

back to top

Management of Account Provisioning Connectors

Selecting Integrations > Account Provisioning Connectors opens the Account Provisioning Connectors screen, which allows School Administrators to review the list of Provisioning Connectors activated for their organizations and sub organizations. Please read the next article (open a new article)

back to top