MyVRSpot provides a variety of integrations to aid in the creation and maintenance of user accounts. This page will provide a brief overview of these options.
Preface: Account Provisioning vs. Authentication
It is important to note the distinction between account authentication and account provisioning. Account authentication is the mechanism by which users are let in to the system. Authentication is essentially a key that lets users into the door, but provisioning is the process of building the keys. Therefore you can mix and match account provisioning and authentication using different mechanisms (although this is somewhat rare). One example would be building all accounts manually, but using Google for authentication. In most instances you will want to use the same account provisioning and authentication mechanism.
If you are not using any account authentication with an integration, you are simply using MyVRSpot to manage your usernames and passwords. It is important to note that users can always set a secondary password in MyVRSpot that works for our system. This is sometimes helpful in situations where 3rd party integrations are not supported. One example is live broadcasting passwords are not compatible with Google Authentication. Therefore a user looking to live broadcast would need to set a secondary password in our system. Users can simply click the My Account icon in the top menu (the gear icon) to set a secondary password.
If you plan on using MyVRSpot authentication, we can typically automate the creation of accounts using a CSV or Excel file import.
LDAP Authentication and Provisioning
If your district or school has an LDAP system such as Microsoft Active Directory, we can use this system to build and authenticate accounts. The setup involves whitelisting our application servers to talk to your LDAP system. As a district administrator, you can manage the OUs in your LDAP system that are synced and can customize LDAP search queries to build specific sets or subsets of users.
These LDAP provisioning jobs are typically run weekly or twice a week to add new users or change existing users’ attributes. When a user logs in to the system, our servers call your local LDAP server to see if the user exists and to check their password.
Note: If you are in the state of Arkansas, all teachers can login via their Arkansas State SSO credentials. This is typically a username that starts with a 4 digit number.
Google authentication is very popular on many sites on the internet. When this option is enabled, a new sign in button will appear on your district login page to sign in with Google. Users simply click the button and it will check the email address to see if the user account exists on our system. If the user does exist, they are logged in. This currently works with our mobile app as well (with the exception of the MyVRSpot Broadcaster App). Live broadcasters using Google for authentication can setup a secondary local password for their broadcasting needs.
User accounts can also be provisioned using Google Apps Directory Services. After we have connected to your Google Directory, we can scan Google Organization Units and auto build and sync accounts. Once the initial setup is complete, we can isolate all the users that need accounts and run a weekly sync.
Microsoft Authentication works very similarly to our Google Authentication. When this option is enabled, a new sign in button will appear on your district login page to sign in with a Microsoft Account. Users simply click the button and it will check the email address to see if the user account exists on our system. If the user does exist, they are logged in.
Account provisioning with Microsoft is currently in development and we hope to have a solution soon. Many districts are currently using our LDAP Provisioning tools to create accounts and are using Microsoft Authentication to log users in. Microsoft authentication is currently not supported for our mobile app or broadcaster app. Users can still use these resources by setting up a secondary password.
Please contact us at firstname.lastname@example.org for more information on our Clever integration options.
SAML based SSO Providers (Classlink, Open Identity, and more)
We work with a variety of SAML based SSO Platforms. Typically once this is setup a token is passed from the SSO portal to MyVRSpot upon login. This token will typically contain basic user information such as username, email, first name, last name, access level, and building location information. This information is cross referenced to our system. If the user matches an existing user, they are logged into the system with their attributes updated. If they do not exist, they are built and then logged in to the system. This process is seamless and does not require any daily or weekly syncing.