TABLE OF CONTENTS
If the Windows proxy agent deployment option is used, the student will need to log into their own GSuite or Azure AD account when a browser is opened for the first time. This will help Deledao obtain the student's identification information and correctly enforce policies. However, if the student has already logged onto Windows using their own unique student account (not a shared account), the second login in the browser will be inconvenient and unnecessary. Fortunately, there is an option in the Deledao admin console to skip the Deledao login.
Prerequisites
This option will work if the following conditions are met:
- The Windows logon usernames are derived from the student IDs in GSuite or Azure AD.
For instance, the GSuite user smith@example.com will log onto Windows as “smith”, or “students\smith”.
More details on how GSuite and Azure AD usernames are derived from Windows logon usernames will be shown later.
- The student devices need to be associated with your school first so that Deledao can obtain the correct settings.
- If one has already registered the school’s public IP addresses with Deledao and the devices are used on campus, they will automatically be associated with the school.
- Otherwise, the students will still need to log in to Deledao if the devices are logging in from a off-campus location for the first time. Afterwards, the devices will be associated with the school and the students won’t be asked to log in again from browsers.
- If one has already registered the school’s public IP addresses with Deledao and the devices are used on campus, they will automatically be associated with the school.
Configuration
- Log into Deledao admin console.
- Go to Configuration, then Identity Provider.
- Enable “Use Windows logon names to derive student identities”.
- Input a domain name to be appended to the Windows logon name to derive the GSuite or Azure AD user ID.
- Deledao will automatically remove the domain name before “\” or after “@” in Windows logon to get the unique user name, if the domain name is present.
- This domain name will then be appended to the above user name to be used as the G Suite or Azure AD user ID.
- Click Save.
Note: After enabling the "Windows logon" option, one must reboot the machine to have the option take effect.
When Students Log onto Windows
Deledao will automatically obtain the students’ Windows logon names and convert them into GSuite or Azure AD users.
Below are some examples, assuming “example.com” is entered as the domain name in the Deledao admin console configuration.
G Suite or Azure AD User ID | |
students\smith | smith@example.com |
smith@ad.example.com | smith@example.com |
smith | smith@example.com |
Deledao will then use the converted GSuite or Azure AD user ID to get the student’s OU and apply the associated applicable policies.
© Deledao Education