Firefly: how to configure parent logins
Firefly is a supported single sign-on provider which can be used as a login for parents, replacing the parent detail style login. This guide goes through the setup of Firefly logins.
NOTE: This guide assumes you are syncing your data with a management system. We don't support login via Firefly without a management system.
How is login facilitated?
Logins using Firefly are authenticated by matching the email address in Firefly with that in SchoolCloud. At log in a parent clicks a Log in with Firefly button that looks along these lines:
This sends a request to Firefly who respond to us with the email address of the user who (provided they managed to log in) successfully logged in. If that provided email address matches one of the addresses in the Data > Parents > [Select parent] > Email synced with management system section of Clubs & Events, the system will log the parent into that account.
In order to support Firefly logins for parents, you must ensure that:
- Email addresses used in Firefly are unique.
- The email addresses from Firefly match only one account in your management system. Duplicates could result in incorrect logins. If no accounts match, that parent won't be able to log in which could be a desired effect.
- The "Can set task" permission is only turned on for parents who happen to be teachers at the school too. "Can set task" is the way we check accounts from Firefly are capable of logging in as teachers so there is a danger such a parent could log into the teacher panel instead if their email matches.
If you're using a locally hosted version of Firefly, please also ensure that:
- Your NAT rules are configured to allow forward public web traffic to the correct the expected Firefly site.
- Your hardware and software firewalls are configured to allow bidirectional access from our IPs. Our IPs are 184.108.40.206, 220.127.116.11 and 18.104.22.168.
- If you have threat detection on your network (such as Arbor), make sure whoever manages it is aware that they may see lots of requests from public IPs soon. Some detection systems will require some training for that and for parental logins in particular this will be more important.
It's especially important that the school has up-to-date records for the parent's email addresses. These must be kept matching in both Firefly and your management system otherwise parents may run into login issues. Your staff should also know how to handle inabilities to log into parental accounts so it's a good idea to circulatethis article to help them spot/correct problems before setting up parental logins. It's also worth making sure you have more than one contact who's able to make changes to email addresses for parents in both systems.
Turning on Firefly authentication for parents
To turn on Firefly authentication, just follow these steps:
In the coloured navigation bar on the left of your system click Settings.
Select Parent Authentication then Firefly under the Single Sign-On section.
- In the Firefly URL box, enter your Firefly URL. The URL might be something like https://schoolname.fireflycloud.net but you can also have locally hosted instances of Firefly which may differ.