SAML Integration Checklist - Identity Provider

This document outlines the process for standing up a new SAML integration with a partner that will act as an Identity Provider.

(In this case, LearningBuilder is the Service Provider.)

Overview

To implement a new SAML integration you will need:

  • The partner’s SAML metadata URL

  • The piece of information that the partner uses to uniquely identify a person (email, unique identifier, some other attribute)

  • The specific claims that the partner will be providing

SAML Metadata URL

The partner should provide a URL to a publicly accessible HTTPS endpoint that serves their SAML metadata: the IdP entity ID, the single sign-on endpoints, and the certificate they use to sign assertions. You will need this to create the partner in the Sys Admin → Identity Management area. Before go-live, confirm the signing certificate's fingerprint with the partner out of band (metadata fetched over plain HTTP could be tampered with in transit) and note the certificate's expiry date so the integration does not break silently when the partner rotates it.

The partner’s metadata for PROD is:

https://some/url

The partner’s metadata for the QA SANDBOX is:

https://some/url

Unique identifier

The partner must provide a piece of information that uniquely identifies a member in LearningBuilder. Email address is commonly used, but any Attribute that maps to exactly one Member will work. Prefer an identifier the partner never changes or reassigns: if an email address is later reassigned to a different person, SSO would log that person into the original member's account, so when email is used, confirm with the partner how they handle address changes and reuse.

The data field used as an identifier is:

Email, Unique Identifier, etc…

The full name of the claim in the SAML payload is:

Whatever_the_name_of_the_field_in_the_payload_is…

Claims

If you want LearningBuilder to create new Member accounts during SSO then you will need to define claim mappings for Email (which may be covered by the identifier), First Name, and Last Name.

You can optionally map other Extrinsic Attributes to claims as well. Mapped attributes are overwritten in LearningBuilder from the partner's claims on every SSO login, so only map attributes the partner is the authoritative source for; claims that are not in the mapping table are ignored.

Full name of claim in SAML payload      Mapped LB Attribute   LB Attribute ID   Notes
--------------------------------------  --------------------  ----------------  -----
Whatever_the_name_of_the_field_is….     SomeAttributeName
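An added example (not LearningBuilder code) of what the Unique identifier and Claims sections amount to at login time: the mapping table as a dictionary, the identifier claim resolved to exactly one member, the required claims checked before a new Member is created, and unmapped claims ignored. The claim names, LB attribute names and the assertion are constructed placeholders, and the code assumes the SAML library has already verified the assertion's signature, issuer, audience and validity window; mapping attributes from an unverified assertion is the one thing this step must never do.

```python
"""Apply the claim mapping from the Claims table to a verified SAML assertion.

Added example, not LearningBuilder code. The claim names, LB attribute names and the
assertion below are constructed placeholders. This step runs only AFTER the SAML
library has verified the assertion's signature, issuer, audience and validity window.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Claims table as code: full claim name in the SAML payload -> mapped LB attribute.
CLAIM_MAPPING = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "Email",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "FirstName",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "LastName",
    "urn:partner:memberid": "PartnerMemberId",  # hypothetical extrinsic attribute
}
# The claim used as the unique identifier: a stable partner-issued ID rather than email.
IDENTIFIER_CLAIM = "urn:partner:memberid"
# LB attributes that must be present and non-empty before a new Member is created.
REQUIRED_FOR_CREATE = {"Email", "FirstName", "LastName"}

# Constructed assertion (signature and Conditions omitted; assumed already verified).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example-partner.test/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.test</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>jane@example.test</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:partner:memberid">
      <saml:AttributeValue>P-000123</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:partner:department">
      <saml:AttributeValue>Cardiology</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def extract_attributes(assertion_xml: str) -> dict:
    """Collect every Attribute in the AttributeStatement as name -> list of values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def map_claims(attrs: dict, mapping=CLAIM_MAPPING):
    """Translate claim names to LB attributes; report claims the table does not cover."""
    mapped, unmapped = {}, []
    for claim, values in attrs.items():
        if claim in mapping:
            mapped[mapping[claim]] = values
        else:
            unmapped.append(claim)  # ignored: the partner cannot push unmapped attributes
    return mapped, unmapped


def resolve_sso(assertion_xml: str, members_by_identifier: dict) -> dict:
    """Decide whether the assertion logs in an existing Member, creates one, or is rejected."""
    attrs = extract_attributes(assertion_xml)
    ident = attrs.get(IDENTIFIER_CLAIM, [])
    # Exactly one non-empty identifier value; a missing or multi-valued one is ambiguous.
    if len(ident) != 1 or not ident[0]:
        return {"action": "reject",
                "reason": "identifier claim %s missing or multi-valued" % IDENTIFIER_CLAIM}
    identifier = ident[0]
    mapped, unmapped = map_claims(attrs)
    single = {k: v[0] for k, v in mapped.items() if v and v[0]}

    if identifier in members_by_identifier:
        # Existing Member: mapped attributes are refreshed from the assertion on every login.
        return {"action": "login", "member": members_by_identifier[identifier],
                "update": single, "ignored_claims": unmapped}
    missing = sorted(REQUIRED_FOR_CREATE - set(single))
    if missing:
        return {"action": "reject",
                "reason": "cannot create Member, missing %s" % ", ".join(missing)}
    return {"action": "create", "identifier": identifier,
            "attributes": single, "ignored_claims": unmapped}


if __name__ == "__main__":
    print(resolve_sso(SAMPLE_ASSERTION, {}))                  # create
    print(resolve_sso(SAMPLE_ASSERTION, {"P-000123": 42}))    # login as member 42
```

The members_by_identifier argument stands in for the LearningBuilder lookup of the mapped identifier attribute; the point of the example is the order of checks (identifier first, then the required claims, with anything unmapped dropped), not the storage.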