SSO using dedicated Identity Server
This page covers SSO scenarios where LearningBuilder is the system of record, and users can log into a 3rd party system (like an AMS) using their LearningBuilder credentials.
If the external system is the system of record, please refer to Single Sign-On (SSO) instead.
This approach is deprecated. It requires per-client infrastructure work, and new versions of Identity Server are no longer open source.
Use SSO using SAML (Redirect) instead.
Overview
In some scenarios, user data is managed primarily within LearningBuilder, and we want to use those credentials to log into another system (like an AMS).
This can be handled by:
Setting up an Identity Server instance to handle authentication
Configuring that Identity Server instance so that it connects directly to the LearningBuilder database as its credential store
Configuring LearningBuilder to use the Identity Server for authentication
Configuring the 3rd party to use the Identity Server for authentication
Once configured, both LearningBuilder and the 3rd party system will redirect unauthenticated users to Identity Server to log in. Once a user has logged in once, they can move seamlessly between the two systems without needing to log in again.
Demographic Synchronization
In this approach, there is no need to support Demographic Sync because the Identity Server is connected directly to the LearningBuilder database.