SchoolFront can authenticate your Azure Active Directory (now Entra) users with Single Sign-On (SSO) capabilities. In order to make this work properly, please follow these steps.

Register the Application

Select App Registrations from the Menu

(If not on your menu go to Azure Active Directory and then select from the left)

Click New Registration

Enter SchoolFront in the Name of the application

Set the Supported Account Types as Multiple Entra ID tenants and Allow all tenants

Enter https://azure.schoolFront.com/MSSignInProcessRedirect.aspx in the redirect URL

Then Click Register

Enable Tokens

In App Registrations, select the SchoolFront application you just created.

ID Tokens

Under Authentication check ID Tokens and click Save.

Email Token

Under Token Configuration click Add Optional Claim

Select the default token type of ID and click the checkbox for the email claim. Click Add.

A pop-up should appear. Check the box for Turn on the Microsoft Graph email permission and click Add

Provide Information to SchoolFront Support

Lastly, please email support@schoolfront.com the values listed under the Application (client) ID and Directory (tenant) ID fields for the SchoolFront application registration.

Optional: Mobile Configuration

If your district is using the SchoolFront Mobile application, click Add URI for an additional Redirect URI for the address:

https://sf-mobile-4d17c.firebaseapp.com/__/auth/handler

iOS Configuration

Click Add a platform and add an iOS / macOS platform

Specify the following values for the iOS / macOS platform Redirect URI:

 Bundle ID: frontedge.schoolfront.app

 Redirect URI: msauth.frontedge.schoolfront.app://auth

Android Configuration

Click Add a platform and add an Android platform

Specify the following values for the Android Redirect URI:

Package Name: frontedge.schoolfront.app

Signature Hash: p1f7wBtIjxacejuiMhCBUwO+EqU=

Redirect URI: msauth://frontedge.schoolfront.app/p1f7wBtIjxacejuiMhCBUwO%2BEqU%3D