SSO using dedicated Identity Server

This page covers SSO scenarios where LearningBuilder is the system of record, and users can log into a 3rd party system (like an AMS) using their LearningBuilder credentials.

If the external system is the system of record, please refer to instead.

This approach is deprecated. It requires per-client infrastructure work, and new versions of Identity Server are no longer open source.

Use instead.

Overview

In some scenarios, user data is managed primarily within LearningBuilder, and we want to use those credentials to log into another system (like an AMS).

This can be handled by:

  1. Setting up an Identity Server instance to handle authentication

  2. Configuring that Identity Server instance so that it connects directly to the LearningBuilder database as its credential store

  3. Configuring LearningBuilder to use the Identity Server for authentication

  4. Configuring the 3rd party to use the Identity Server for authentication

Once configured, both LearningBuilder and the 3rd party system redirect unauthenticated users to Identity Server to log in. After logging in once, a user can move seamlessly between the two systems without logging in again.

Demographic Synchronization

In this approach, there is no need to support Demographic Sync because the Identity Server is connected directly to the LearningBuilder database.