SAML Integration Checklist - Identity Provider
This document outlines the process for standing up a new SAML integration with a partner that will act as an Identity Provider.
(In this case, LearningBuilder is the Service Provider.)
Overview
In order to implement a new SAML integration you will need:
The partner’s SAML metadata URL
The piece of information that the partner uses to uniquely identify a person (email, unique identifier, some other attribute)
The specific claims that the partner will be providing
SAML Metadata URL
The partner should provide a URL to a publicly accessible endpoint that provides the information necessary for the SAML flows. You will need this to create the partner in the Sys Admin → Identity Management area.
The partner’s metadata for PROD is: | |
---|---|
The partner’s metadata for the QA SANDBOX is: | Whatever_the_name_of_the_field_in_the_payload_is… |
Unique identifier
The partner must provide a piece of information that uniquely identifies a member in LearningBuilder. Email address is commonly used, but any Attribute that uniquely maps to a Member will work.
The data field used as an identifier is: | Email, Unique Identifier, etc… |
---|---|
The full name of the claim in the SAML payload is: | Whatever_the_name_of_the_field_in_the_payload_is… |
Claims
If you want LearningBuilder to create new Member accounts during SSO then you will need to define claim mappings for Email (which may be covered by the identifier), First Name, and Last Name.
You can optionally map other Extrinsic Attributes to claims as well, which will be updated in LearningBuilder during the SSO process.
Full name of claim in SAML payload | Mapped LB Attribute | LB Attribute ID | Notes |
---|---|---|---|
Whatever_the_name_of_the_field_is…. | SomeAttributeName |
|
|
|
|
|
|
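A pre-go-live check for the tables above, as an added example (not LearningBuilder code): it reads a sample assertion supplied by the partner and reports which mapped claims are absent or empty. The claim names, the `CLAIM_MAP` contents (including the "Member Number" attribute) and the sample payload are constructed assumptions; it compares attribute names only and does no signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of what a partner IdP might send (not real data).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="memberId"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical filled-in checklist: full claim name in payload -> LB attribute.
CLAIM_MAP = {"mail": "Email", "givenName": "First Name", "sn": "Last Name", "memberId": "Member Number"}
IDENTIFIER_CLAIM = "mail"
REQUIRED_FOR_CREATE = {"Email", "First Name", "Last Name"}


def extract_claims(assertion_xml):
    """Return {claim name: [non-empty values]}; names are matched case-sensitively."""
    root = ET.fromstring(assertion_xml)  # sample payloads only, not live untrusted input
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return claims


def check_mapping(assertion_xml, claim_map, identifier_claim, required):
    """Compare a sample payload with the checklist and return a list of problems."""
    claims = extract_claims(assertion_xml)
    problems = []
    ident = claims.get(identifier_claim, [])
    if len(ident) != 1:  # zero or several values cannot map to one Member
        problems.append(f"identifier claim '{identifier_claim}' must carry exactly one value, found {len(ident)}")
    for lb_attr in sorted(required - set(claim_map.values())):
        problems.append(f"no claim mapped to required attribute '{lb_attr}'")
    for claim, lb_attr in claim_map.items():
        if not claims.get(claim):
            level = "required" if lb_attr in required else "optional"
            problems.append(f"{level} claim '{claim}' ({lb_attr}) missing or empty")
    return problems
```

An empty list from `check_mapping` means the sample payload carries every claim the checklist maps; any `required` entry would prevent new Member accounts from being created during SSO.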