SSO in a multi-tenant instance
See also: Single Sign-On (SSO)
Overview
The use of multi-tenancy in LearningBuilder can complicate Single Sign-On scenarios, and not all possible scenarios are currently supported.
| Scenario | Notes |
|---|---|
| | Supported as 1st class feature. In this approach, users navigate to the hostname for the Tenant they wish to access. They are redirected to the centralized SSO provider, which is notified of the requested Tenant. The SSO provider authenticates them, authorizes access to the requested Tenant, and then redirects them. This requires that users navigate to the Tenant they are trying to access. Allowing users to navigate to the default tenant, and then be redirected to an arbitrary Tenant as a result of the SSO process, may require extra effort. |
| | Supported via custom integration / may require innovation. In this approach, each Tenant is associated with a different identity provider. The SAML support added in 11.0.0 can support multiple providers, but is not designed to vary them by tenant. Supporting this scenario might be possible with a custom AWS Lambda in the middle of the SSO process, or it might require additional innovation. |
| | Not supported. In this approach, access to a 3rd party system would require having credentials for a specific Tenant. LearningBuilder’s SAML identity provider does not currently support any business rules that would allow it to validate credentials against a specific Tenant. |
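
The first scenario's flow, seen from the application side, depends on the reply being accepted only for the Tenant whose hostname started the sign-on. The sketch below is an added example, not LearningBuilder code: the hostnames, tenant ids, function names and the signed `state` value are assumptions, and the provider's response is assumed to be signature-verified before `finish_sso` is called.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: hostnames and tenant ids are hypothetical.
TENANT_BY_HOST = {"acme.example.test": "acme", "globex.example.test": "globex"}
STATE_KEY = secrets.token_bytes(32)  # per-process key that signs the state value
_used_nonces = set()                 # nonces of replies that were already accepted


def _mac(payload: str) -> str:
    return hmac.new(STATE_KEY, payload.encode(), hashlib.sha256).hexdigest()


def begin_sso(host: str) -> dict:
    """Resolve the Tenant from the hostname and build the redirect parameters."""
    tenant = TENANT_BY_HOST.get(host.lower())
    if tenant is None:
        raise ValueError("unknown tenant hostname")
    payload = f"{tenant}.{secrets.token_urlsafe(16)}"
    # 'tenant' notifies the provider of the requested Tenant;
    # 'state' binds the provider's reply to that same request.
    return {"tenant": tenant, "state": f"{payload}.{_mac(payload)}"}


def finish_sso(host: str, state: str, authorized_tenant: str) -> str:
    """Accept the reply only for the Tenant this hostname requested.

    authorized_tenant is assumed to come from an already verified
    provider response; that verification is outside this sketch.
    """
    try:
        tenant, nonce, mac = state.split(".")
    except ValueError:
        raise PermissionError("malformed state") from None
    if not hmac.compare_digest(mac, _mac(f"{tenant}.{nonce}")):
        raise PermissionError("state was not issued by this application")
    if TENANT_BY_HOST.get(host.lower()) != tenant:
        raise PermissionError("reply delivered to a different tenant hostname")
    if authorized_tenant != tenant:
        raise PermissionError("provider authorized a different tenant")
    if nonce in _used_nonces:
        raise PermissionError("state already used")
    _used_nonces.add(nonce)
    return tenant
```

Sending users to the default tenant first, as the table notes, would mean the hostname check cannot be made at the start of the flow, which is part of the extra effort that variant needs.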