General Information for Single Sign On via SAML 2.0
General Information for Single Sign On via SAML 2.0
We currently have documentation for configuring SSO with the following Identity Providers:
If you are utilizing these identity providers, please consult the documentation for that specific IdP for configuration guidance.
LearnPlatform will also integrate with any Identity Provider implementing SSO with SAML 2.0. The information below outlines general information about the fields typically used to establish a SAML 2.0 connection with an organization’s IdP.
Prerequisites include:
- A purchased LearnPlatform subscription: Organizations who are utilizing the Free Inventory Dashboard do not have the ability to configure and enable Single Sign On
- Organization Administrator access to your organization’s LearnPlatform account: Navigate to Settings > Single Sign On.
- Your subdomain: your organization’s unique LearnPlatform URL. Your subdomain is found under Settings > Display Appearance. Once SSO is enabled, your users will be able to access LearnPlatform by navigating to: https://[YOURsubdomain].app.learnplatform.com
- Administrator access to your organization’s Identity Service Provider dashboard and SAML console.
Note: You may need to work with your identity provider to identify and configure the fields/URLs needed. Please contact your IdP directly for guidance. |
SAML 2.0 Configuration: Navigate to Settings > Single Sign-On > SAML 2.0 in LearnPlatform. The page should appear as below.
- Identity Provider Redirect URL- This is also known as the SSO Service URL or Log On URL provided by your IdP. Paste the Login URL into the Identity Provider Redirect URL text box on the LearnPlatform Single Sign-On setup screen.
- Identity Provider Logout URL- Some IdP’s provide a SingleLogoutService (or Logout) URL, but it is not required. Paste the Logout URL into the Identity Provider logout URL text box on the LearnPlatform Single Sign-On setup screen.
- Attribute mapping -The attributes LearnPlatform utilizes from the identity provider are the user’s email and first/last names. Go to LearnPlatform’s SAML setup page and enter the same attribute mapping fields as in your IdP SAML Console. Note: For some IdP’s, this may be a specific URL associated with the attribute, while others may just provide the attribute.
- X509 Certificate - In your IdP SAML console, identify the SAML Signing Certificate section. It may give you the option of downloading an XML file, or it may allow you to simply copy the certificate text directly. Once you’ve identified the certificate, enter in the BEGIN and END certificate information as displayed below. Be careful to not include any extra line breaks or spaces, as this will cause an error.
-----BEGIN CERTIFICATE-----
Paste certificate here
-----END CERTIFICATE-----
Toggle on “User organization’s domain for callback URLs.” The below URLs may be needed by your IdP in the SAML console:
- AssertionConsumerService (ACS) URL/callback url: Your ACS URL in your Service Provider Details for the LearnPlatform app is https://[YOURsubdomain].app.learnplatform.com/users/auth/saml/callback/
- Entity ID/Metadata URL: Your Entity ID/Metadata url in your Service Provider Details for the LearnPlatform app is: https://[YOUR subdomain].app.learnplatform.com/users/auth/saml/metadata/
Additional information:
- Once SSO has been configured and enabled, members of your organization can access LearnPlatform at: http://YOURDOMAIN.app.learnplatform.com (e.g., http://springfield.app.learnplatform.com)
- If at any moment you are locked out of your LearnPlatform account, please contact your designated Project Consultant. If you have completed implementation, please send a note to support-lp@instructure.com. They will disable SSO, which will allow you to manual login and re-configure.
- If you are needing to configure an application badge, you may use the following for the icon URL.