Single Sign-On (SSO)

LearningBuilder supports single sign-on with a variety of systems and can easily be extended to work with new ones. It supports SAML, OpenID Connect, JWT, and more.

Overview

See also: Login Scenarios

When LearningBuilder is not the authoritative identity provider, such as when member records are already managed in an Association Management System (AMS), it supports single sign-on (SSO) processes in which a user logs into the authoritative system and then follows a link into LearningBuilder. The user is seamlessly transferred into LearningBuilder and is not required to manage a separate set of credentials.

Optionally, the user's local profile data can be synchronized with the source system at the time of login using the Demographic Synchronization Service.

Supported technologies

LearningBuilder can implement SSO using:

Architectural overview

Regardless of the specific technology in use, the general approach is the same:

  • The user logs into the authentication provider, such as the client’s AMS.

  • The AMS redirects the user to LearningBuilder, sending a number of “claims” with the request. These claims provide the user’s identity.

  • Using industry-standard techniques, LearningBuilder validates the authenticity of the claims with a shared, private key (see Secure Tokens). If the claims are valid, the user is seamlessly “logged in” to LearningBuilder.

Demographic Synchronization

When the external system is the system of record for certain types of demographic data, that data can be provided as part of the SSO “handshake”. In this case, the Demographic Synchronization Service updates LearningBuilder’s local copy of that demographic data as part of the sign-on process, keeping the user’s profile up to date.

Implementation details

LearningBuilder has native APIs for doing SSO (see Single Sign-On (SSO) API) and Demographic Sync (see Demographic Synchronization Service). Clients can develop code to talk directly with our native API. Clients also have the option for Heuristics to build a custom bridge via the Integration Hub that translates the client-specific SSO request into the format that LearningBuilder expects.

This approach means that it is easy to implement SSO using a wide variety of technologies, while at the same time minimizing the amount of custom coding that is needed.

SAML Support

See SAML SSO

Multi-tenant support

See SSO in a multi-tenant instance
