IT Setup Guide — VESPA Academy

Welcome! Your school has signed up for VESPA Academy at app.vespa.academy. This guide covers everything your IT team needs to enable access for staff and students.

Time required: ~15 minutes for allowlisting + 5 minutes for Microsoft 365 directory sync (if applicable).

1. Network and Email Allowlisting

Please allow outbound HTTPS (TCP 443) to the domains below and, where possible, exclude them from SSL inspection.

Complete printable allowlist: vespa.academy/it-allowlist

Service	Domains to allow
VESPA Academy (all services)	`*.vespa.academy` Or individually: `app.vespa.academy`, `vespa.academy`
Supabase (database + auth)	`qcdcdzfanrlvdcagmwmg.supabase.co` (or `*.supabase.co`)
Skiv videos (required)	`skiv.com` — all VESPA coaching videos (not YouTube)
Student activities	`cdn.jsdelivr.net`, `cdnjs.cloudflare.com`, `slides.com`, `fonts.googleapis.com`, `fonts.gstatic.com`
Microsoft SSO (if used)	`login.microsoftonline.com`, `graph.microsoft.com`
Google SSO (if used)	`accounts.google.com`, `oauth2.googleapis.com`
Legacy (optional)	`www.youtube.com`, `www.youtube-nocookie.com`, `img.youtube.com`, `muse.ai`, `docs.google.com`

Email safelisting

What to safelist	Details
Sender address	`noreply@notifications.vespa.academy` — password resets, notifications
Domain safelist	`@vespa.academy` and `@notifications.vespa.academy`
Wildcard (if supported)	`*.vespa.academy`

Common issue: If the portal works but student activities or videos are blocked, allow skiv.com, slides.com, and the CDN domains above. If the portal works off-site but not on-site, the cause is usually SSL inspection or filtered API traffic. Full list: vespa.academy/it-allowlist

Network notes

Protocols: HTTPS over TCP 443. Secure WebSockets (WSS) over 443 where relevant.
SSL inspection: Exclude the domains above from HTTPS/SSL inspection if possible.
CORS: Ensure your firewall/proxy permits OPTIONS requests as well as GET and POST.
Content filtering: If web filtering blocks third-party JavaScript libraries, CDN access may need explicit approval.

2. Sign-In Options

VESPA Academy supports three sign-in methods. Schools typically use one primary method:

Recommended Microsoft 365 Single Sign-On

Staff and students click "Continue with Microsoft" on the login page and sign in with their school Microsoft account. No separate password needed. This is the simplest option for Microsoft 365 schools.

Setup: No IT configuration needed for SSO. It works automatically for any Microsoft 365 work/school account.

Also available Google Workspace Single Sign-On

Same as above but with Google accounts. Staff and students click "Continue with Google".

Fallback Email and Password

For schools without Microsoft 365 or Google Workspace. Accounts are created with temporary passwords sent by email. Students can also be given access codes.

3. Adding Students — Microsoft 365 Directory Sync

If your school uses Microsoft 365, you can import your student roster directly from your Azure AD / Entra ID directory — no spreadsheets needed.

Log in to VESPA at app.vespa.academy/login using "Continue with Microsoft" with your school Microsoft account. Your account should have the technical_admin or staff_admin role.

Go to Technical Admin — click "Technical" in the top navigation bar, then select the "Data feeds" tab.

Click "Connect Microsoft 365" — you will be redirected to Microsoft to sign in with a Microsoft 365 admin account (Global Admin, User Admin, or Cloud App Admin). This account must have permission to consent to third-party applications for your organisation.

Review the consent screen — VESPA will request read-only access to your user directory, groups, and roster data. We do not write to your directory or modify any accounts.

Permissions requested:

User.Read.All — Read user profiles (names, emails, departments)
Group.Read.All — Read group memberships (class groups, year groups)
EduRoster.Read — Read school roster data (if School Data Sync is enabled)
Calendars.Read — Read calendar events (for timetable import if available)

Click "Sync Directory" — VESPA pulls your user list from Microsoft 365. If your school uses Microsoft School Data Sync (SDS), students and teachers are automatically identified with year groups and class memberships. Otherwise, VESPA uses department and job title fields to detect roles.

Review the preview table — check detected roles (Student/Staff), year groups, and tutor groups. You can override any field before importing. Use the checkboxes to select which users to import.

Click "Import Selected" — VESPA creates accounts for the selected users. Students can then sign in immediately using "Continue with Microsoft" — their accounts are automatically linked.

That's it! After import, students just go to app.vespa.academy and click "Continue with Microsoft". No passwords to distribute, no CSV files to manage.

4. Alternative: CSV Upload

If you prefer not to use the Microsoft 365 directory sync (or your school uses Google Workspace), you can upload students via CSV:

Go to Technical Admin → Data feeds (or Account Management → CSV Upload)
Download the student CSV template
Fill in: email, first name, last name, year group, tutor group, gender
Upload and validate → process
Students receive welcome emails with temporary passwords (or use SSO)

5. School-Specific Login URL

Your school can have a custom login URL that shows only your preferred sign-in method:

app.vespa.academy/student/login?school=your-school-slug

For example: app.vespa.academy/student/login?school=london-oratory would show only the Microsoft sign-in button. Configure this in Technical Admin → Sign-in.

6. Technical Admin Portal

The Technical Admin page at app.vespa.academy/staff/technical gives you access to:

Overview — school status, account counts, product info
School data — student and staff records, academic profiles
Data feeds — Microsoft 365 sync + CSV upload
Wonde — MIS integration (if your school uses Wonde)
Sign-in — login slug, SSO provider configuration
Email — test email deliverability, domain allowlist guidance
Diagnostics — auth chain lookup, debug tools
Support — contact form to VESPA support team

7. Support

If you encounter any issues during setup:

Email: support@vespa.academy
In-app: Technical Admin → Support tab