The single sign-on (SSO) API allows individuals to log in to other systems and use those credentials to access LearningBuilder™. Single sign-on is usually implemented in circumstances in which a customer has an existing member management system and wishes most interactions to take place within that system. The mechanism ensures individuals are able to access LearningBuilder™ directly from their membership profile without logging on to a separate system.
Single Sign-On Implementation
Implementing single sign-on requires the following components:
A visual protocol within the AMS/CRM to navigate to LearningBuilder™ (e.g., a link or button that directs visitors to LearningBuilder™);
A mechanism to generate an authentication token (see section 4);
A mechanism to send the token and user identity to LearningBuilder™ through a query string;
A URL to redirect users to when sign-on succeeds (optional);
A URL to redirect users to when sign-on fails (optional); and
A URL to redirect users to when signing off.
Visual Representation
The following diagram represents common scenarios for constructing the visual integration for single sign-on.
Figure 5.1. Illustrates the single sign-on path from a typical member profile.
Data Flow
The data flow for single sign-on authentication and navigation.
Technical Specifications
The following technical specifications define the means by which to log on to LearningBuilder™ from an external system.
Logging in from the external system
If the sign-in succeeds, LearningBuilder™ will execute a demographic synchronization if a Demographic URL is provided (see section 6) and then redirect the user to their LearningBuilder™ landing page. If the sign-in or demographic synchronization fails, LearningBuilder™ will redirect the user to a landing page on the external system.
To connect via single sign-on, the external system will need to construct a query string with the following contents:

| Component | Explanation | Comment |
| --- | --- | --- |
| YourSite | A LearningBuilder™ sub-domain, usually the client’s acronym. | Custom URLs are acceptable. |
| UID | The identifier of the visitor attempting to sign on to LearningBuilder™ through the external system. | |
| TimeStamp | A time stamp generated to establish the authentication token. | |
| Token | The encrypted token. | |
| SuccessURL | The landing page when sign-on is successful. This is useful if you want the user to land on a page other than their default landing page. A list of supported Success URLs is found here. | Optional. If the URL to redirect to is for a page outside of LearningBuilder™, then the provided URL must be fully qualified, i.e. begin with 'HTTP://'. If not provided, the user will be taken to their default landing page. |
| FailureURL | The landing page of the external system when sign-in is not successful. | Optional. If not provided, the user will be taken to the default error page. |
| bypassDemographics | Set to "true" if you are not using the Demographic Synchronization Service, or are testing and want to bypass it. | Optional. If true, the demographics synchronization will be skipped. |
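One way the external system could assemble the query string from the components above, shown as an added example that is not LearningBuilder's own code. The endpoint URL, the redirect-host allowlist, the helper names and the sample values are assumptions; the TimeStamp and Token are taken as opaque outputs of the token mechanism (section 4).

```python
from urllib.parse import urlencode, urlsplit

# Placeholder: the real YourSite host and sign-on path are not given on this page.
SSO_ENDPOINT = "https://yoursite.example.invalid/sso-path-placeholder"
# Assumed allowlist of external hosts this AMS/CRM will name as redirect targets.
ALLOWED_REDIRECT_HOSTS = {"members.example.invalid"}


def check_redirect(url, allow_relative):
    """Return url if it is an acceptable SuccessURL/FailureURL, else raise."""
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        # No scheme or host: a page inside LearningBuilder (SuccessURL only).
        if allow_relative:
            return url
        raise ValueError("URL must be fully qualified: %r" % url)
    # Pages outside LearningBuilder must be fully qualified; also pin the host.
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme in %r" % url)
    if parts.hostname not in ALLOWED_REDIRECT_HOSTS:
        raise ValueError("redirect host not allowlisted: %r" % url)
    return url


def build_sso_url(uid, timestamp, token, success_url=None, failure_url=None,
                  bypass_demographics=False):
    """Build the sign-on link; timestamp and token come from the token step."""
    params = [("UID", uid), ("TimeStamp", timestamp), ("Token", token)]
    if success_url is not None:
        params.append(("SuccessURL", check_redirect(success_url, True)))
    if failure_url is not None:
        # FailureURL is a page on the external system, so never relative.
        params.append(("FailureURL", check_redirect(failure_url, False)))
    if bypass_demographics:
        params.append(("bypassDemographics", "true"))
    # urlencode percent-encodes '+', '/', '=' and '&' so the token and any
    # nested URL survive the query string unchanged.
    return SSO_ENDPOINT + "?" + urlencode(params)


if __name__ == "__main__":
    # Constructed sample values; the token is an opaque stand-in.
    print(build_sso_url("12345", "2024-01-01T00:00:00Z", "ab+/cd==",
                        success_url="https://members.example.invalid/home?tab=1&x=2",
                        bypass_demographics=True))
```

Because the Token travels in the query string, it can appear in browser history and web server logs, so the link should be generated per click rather than stored in the member profile page.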
Logging off from LearningBuilder™
When the user logs off of LearningBuilder™, they are redirected to the LogOffURL. This URL is specified through configuration of LearningBuilder™ and must be provided to the technical team during system configuration.
In addition, a CustomLoginUrl (new in LearningBuilder 7.22.0) can be defined, to which users who do not have an active session will be redirected upon login. When not specified, it defaults to /account/login/.
Please create a Support Ticket to make changes to the LogOffURL and CustomLoginUrl.