Skip to content
Open the app

IT and SSO — your handover

You are on your institution's IT team. First Six federates identity against your IdP, so most of your work is one-time application registration and a few feed wirings. None of it is heavy; the trick is sequencing it so the platform owner isn't blocked.

Your progress0 of 0 tasks

What's already done for you

By the time you reach this page, First Six has:

  • Implemented the standards-based OIDC sign-in flow, hardened with PKCE, nonce, state, and issuer + audience checks against your IdP's JWKS. The technical detail is in the OIDC flow.
  • Provisioned your tenant on a Sydney-region database (AWS ap-southeast-2).
  • Stood up an SIS-sync endpoint that accepts roster pushes from your upstream student information system. The contract is documented at the SIS endpoint.
  • Configured DNS for the platform's own subdomains (console., app., kb., status.). You don't need to host anything.

What's left for you is the connect-and-wire work below.

Identity (SSO)

This is the critical-path item. The platform owner can't run the launch checklist past step 2 until students can sign in.

The magic-link fallback path

First Six supports a magic-link sign-in fallback for the (rare) case where SSO is unavailable. If you want that disabled for your tenant (typical for cyber-strict environments), tell us during this step so we set the flag at handover, not after a confused student request.

Roster sync (SIS feed)

This isn't strictly blocking — you can hand-import students from the console — but for any cohort over a couple of hundred students it saves a lot of pain.

Calendar / timetable feed

Optional but recommended: students see their actual timetable inside the platform instead of bouncing to a separate system.

Email and notifications

Account lifecycle

No on-prem agent, no firewall change inbound

First Six is fully cloud-hosted — Vercel for the apps, Supabase (AWS Sydney) for data. There is nothing to install on your network and no inbound firewall opening required. All traffic is browser → our SaaS, plus your outbound push to our SIS endpoint and our outbound SMTP / push to your students.

Was this helpful?
Need more help?

The fastest answer is usually one question away.

Edit this page on GitHub