Loading...
SAML 2.0 SSO. OneRoster SIS sync. LTI 1.3 with durable grade passback. Microsoft Entra ID, Google Workspace, Canvas, Moodle, Blackboard, WhatsApp Business, and more. Honest status on every connector.
Identity
SSO via SAML 2.0, OIDC for Google, and Clever — under evaluation for US K-12 districts.
Per-tenant SAML 2.0 with signed AuthnRequests, Upstash-backed replay cache, and single-sign-out in both directions.
Connected via the SAML 2.0 SSO connector. Tested against Entra strict mode with signed AuthnRequests.
SAML 2.0 SSO or native Google Workspace OIDC. Per-tenant configuration.
Tested against Okta Workforce and Customer Identity via the SAML 2.0 SSO connector.
Clever-issued OAuth + roster sync. Scoped, not started — under evaluation alongside ClassLink for US K-12 districts.
Default auth for tenants without SAML SSO. Leaked-password detection at signup; lockout after 5 failed attempts in 15 minutes.
SIS
OneRoster v1.2 covers most modern SIS. PowerSchool, Infinite Campus, Skyward live; ClassLink + Clever planned.
Daily delta sync of users, classes, and enrolments. CSV and REST supported. Idempotent reconciliation; PII attestation report regenerated on every sync.
OneRoster + Roster Server profile via ClassLink. Scoped for US K-12 district contracts.
Connected through PowerSchool’s OneRoster export. Same daily delta sync.
Connected through Infinite Campus’s OneRoster export.
Connected through Skyward’s OneRoster export.
For SIS that don’t speak OneRoster, we scope a custom adapter on Enterprise contracts. Lead time 4–8 weeks.
LMS
LTI 1.3 with durable-queue grade passback. Canvas, Moodle, Blackboard, Schoology live.
Embed CurioPilot activities in any LTI 1.3 LMS. Durable-queue grade passback with idempotent retries — same guarantees as our Stripe webhook handling.
Tested against Canvas Cloud and Canvas self-hosted.
Tested against Moodle 4.x.
Tested against Blackboard Learn Ultra.
Tested against Schoology Enterprise.
Google Classroom is not LTI; needs a custom adapter. Scoped, not started — Q3 2026 target.
Assignment posting and roster sync via Microsoft Graph. Q4 2026 target.
Communications
Multi-channel parent comms with per-school AED budget caps. WhatsApp + SMS + email + push + in-app.
Every CurioPilot mail — broadcasts, password resets, weekly digests, demo confirmations. Domain-authenticated with DKIM + SPF + DMARC.
SMS broadcast to verified parent phone numbers. UAE Sender ID provisioned for the school’s display name. Per-school AED budget cap with hard cutoff.
Meta-approved message templates per locale, two-step opt-in flow per Meta policy, audited reply threading, suppression list.
Native push to iOS and Android via Apple Push Notification service and Firebase Cloud Messaging. Routed through the Capacitor 8 native shell.
Every broadcast lands in the recipient’s in-app inbox regardless of channel preference. Source of truth for “did this message reach you?”
Billing + ops
Stripe billing, Sentry observability, customer webhook roadmap.
B2B invoicing, B2C subscription billing, token-bundle top-ups. Idempotent webhook handling — same guarantees as our LTI passback.
Error monitoring for our own platform. PII stripped at the SDK level — never leaves the tenant boundary.
Per-tenant webhook config so your school’s ops stack — PagerDuty, Datadog, your own ITSM — can receive CurioPilot platform events. Q4 2026 target.
We use Slack internally; not currently exposing a customer-facing Slack integration. Scoped on Enterprise contracts for incident workspace events.
Roadmap
Enterprise
We scope custom integrations on Enterprise contracts. The typical path: a discovery call to understand your stack, a scope and cost estimate (typically 4–12 weeks), implementation on a dedicated branch tested against your sandbox, then maintained on contract.
Previously scoped: custom SIS adapters, district-specific authentication flows, regulator-specific audit exports, fine-grained RBAC bridges.
FAQ
Probably, yes. If your SIS exports OneRoster v1.2 — most modern SIS do — you’re already covered. If not, we can scope a custom adapter on an Enterprise contract.
Any SAML 2.0 IdP works. Our wizard lets you upload your IdP metadata XML and configure the attribute mapping. If your IdP has a quirk, we’ll help you debug.
Yes. We use a durable queue and a nightly worker. If your LMS is unreachable when a student submits, the grade is queued and retried with exponential backoff. Crash-safe — same guarantees as our Stripe webhook handling.
Yes. Demo accounts include a sandbox for SSO and LTI testing. For SIS, we run a one-off sync against your staging environment during discovery.
Today we model each school as a separate tenant. District-level cross-school read access for governance is on the roadmap for 2027.
Depends on complexity. We quote scoped work-packages of 4–12 weeks; typical custom-adapter packages run AED 60,000 to AED 180,000. We don’t bill hourly.
Most schools have SSO, SIS, LMS, and parent messaging covered out of the box. For everything else, we scope on contract.