Versions Compared

Old Version 25

changes.mady.by.user Seth Petry-Johnson

Saved on

compared with

New Version Current

changes.mady.by.user Seth Petry-Johnson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • When LearningBuilder is the IdP, users can single-sign-on from LearningBuilder into a 3rd party system

  • When LearningBuilder is the SP, users can single-sign-on into LearningBuilder from a 3rd party system

LearningBuilder as a Service Provider

Note

As of 11.0.14 / 11.6.0, LearningBuilder only supports integration with a single Identity Provider. Adding support for multiple Identity Providers is planned for a later release.

LearningBuilder clients often manage their user data in a separate Member Management System (MMS). SSO allows those users to access LearningBuilder with their MMS credentials so that they do not need a LearningBuilder-specific password.

For this to work, there must be some unique identifier (often email) that is the same in both systems.

When an unauthenticated user accesses LearningBuilder, they are redirected to the MMS to log in. After they authenticate, they are sent back to LearningBuilder with a SAML message containing that unique identifier value.

Once LearningBuilder validates the SAML message, the user is considered “signed in” to the LearningBuilder account with the matching identifier.

If a matching user account does not already exist, one is created automatically and assigned a specified Role. SAML claims can provide basic demographic data such as name, email, phone, etc.

For more complex demographic data, the SSO process can be configured to trigger LearningBuilder’s “Demographic Synchronization” service.

...

LearningBuilder as an Identity Provider

Many exam integrations involve redirecting the user to the exam provider’s system for scheduling.

Just like above, this requires that there be some unique identifier (often email) that is the same in both systems.

In this case, LearningBuilder acts as the “Identity Provider” and uses SAML to securely identify the user to the exam provider. The exam provider then uses the shared identifier to look up (or create) its own user account for that person and then considers them “signed in” to its own system.

All user accounts participating in the SSO process must have a configurable Role in LearningBuilder.More high-level information can be found at Identity Providers

Configuring SAML Identity Management

...