Integrations & User identification

Integrate with Active Directory, Google SSO and Entra ID to ensure user-specific profiles are applied at school and at home.

SurfProtect offers multiple methods to integrate user identity systems, supporting Microsoft Active directory, Microsoft Entra and Google Workspace as sources of user identification data.

Active Directory

SurfProtect integrates seamlessly with on-premises Active Directory, allowing schools to apply filtering policies based on existing user groups and permissions. This means staff, pupils, and administrators each experience the internet in a way that reflects their role in the school, without the need to manually recreate user profiles. By leveraging the directory already in place, SurfProtect minimises administrative workload and ensures filtering aligns naturally with the school’s existing IT structure.

Entra ID

For schools and trusts moving to the cloud, SurfProtect offers full support for Entra ID integration. This enables a single, centralised identity management system to handle user verification across all sites and devices. Policies can be applied consistently across a multi-academy trust, while still allowing local flexibility for individual schools where needed. This cloud-first approach simplifies management, supports hybrid environments, and future-proofs safeguarding as schools adopt more Microsoft 365 and Azure-based services.

Google SSO

SurfProtect also integrates with Google Single Sign-On (SSO), making it ideal for schools using Google Workspace for Education. Pupils and staff log in with the same credentials they use every day, streamlining access and ensuring that filtering rules follow them across different devices and browsers. This not only simplifies the user experience but also reduces the burden on IT teams, who can manage access centrally through Google’s familiar admin tools. With policies tied directly to Google accounts, SurfProtect delivers both consistency and ease of use.

Captive Portal

SurfProtect's Captive Portal allows your users to authenticate with Active Directory, Google SSO or Entra ID on any device, whether on premise or learning from home. When a user connects to the school network, they are automatically redirected to a secure login page where they enter their credentials or sign in with your identity manager. This ensures that filtering policies are applied on an individual basis, rather than simply by device or network location. Captive Portal is especially useful for guest users, temporary accounts, or mixed-device environments, giving schools the flexibility to extend safeguarding controls without the need for complex directory integration.

BYOD and Shared Devices

Bring Your Own Device (BYOD) is increasingly common, particularly in secondary schools. Pupils may bring smartphones, tablets, or laptops into lessons, and schools need assurance that safeguarding is consistent across all devices.

SurfProtect uses logins to determine its filtering, so pupils using personal devices are subject to the same protections as if they were on a school-owned machine. Shared devices, such as laptops in a trolley or computers in a lab, also present no challenge — once a user logs in, the correct profile is applied to every request.