This article provides detailed instructions on how to configure and implement Single Sign-On (SSO) for ClearCompany Learning using the industry-standard SAML 2.0 protocol. SSO enables users to access the Learning Management System (LMS) without needing a separate username and password by authenticating through your organization’s Identity Provider (IDP).
Note:
ClearCompany strongly recommends working with your IT team during this process, as the configuration involves technical settings on both sides.
In this article:
Overview
SSO Setup Process Overview
Required SAML Attributes
Setting Up Single Sign-On
SAML Identity Providers
Additional Configuration Guides
Overview
ClearCompany Learning uses built-in SAML 2.0 Service Provider (SP) capabilities to support SSO. Your organization’s Identity Provider (IDP) will authenticate users and pass the necessary attributes to the LMS, allowing seamless user access. The overall setup includes:
- Reviewing the latest documentation.
- Sharing your metadata file with ClearCompany Learning.
- Finalizing the SSO configuration.
- Testing and troubleshooting.
Note:
Single Sign-On information in this article is relevant for ClearCompany Learning organizations only. For information, reach out to ClearCompany.
SSO Setup Process Overview
Follow these steps to configure SSO with ClearCompany Learning:
- Have your technical team review the latest ClearCompany Learning SSO documentation.
- Send ClearCompany the metadata XML file from your SAML 2.0 Identity Provider (IDP).
- ClearCompany learning will use this to configure the LMS as a Service Provider (SP).
- ClearCompany will then send back a finalized metadata file for your team to use.
- ClearCompany learning will conduct testing and help resolve any issues.
Required SAML Attributes
To ensure successful user authentication, your IDP must provide one of the following sets of attributes:
Required Attributes (Choose One Option):
- Option One: elan_username (must be an exact match with the username in the learning platform).
-
Option Two: (if username is unknown)
- elan_first_name
- elan_last_name
- elan_email
-
If multiple users match the given attributes, the system will return an error and deny access.
-
Optional Attributes:
- TargetUrl
- object_id
- batch_id
- AUX- Employee Number
Setting Up Single Sign-On
Single Sign-On (SSO) is built into the learning platform by default and it enables users authenticated to an external system to access the learning platform directly.
To proceed:
- Your IT team must configure a SAML 2.0-compliant Identity Provider (IDP).
- When ready, send your IDP’s metadata to support@brainier.com.
To configure Single Sign-On in the learning platform:
- From the administration dashboard, click Settings, then click Options.
- Click Integrations.
- Navigate to the "SAML 2.0 Single Sign-On" option.
- Ask your IT team to review the latest documentation: Brainier Elan REST API V2 Guide.
-
Send the metadata XML from your SAML 2.0 IDP.
- ClearCompany Learning will configure the service provider and send you the finalized metadata.
- ClearCompany Learning will test the SSO setup with your team and assist with follow-ups.
SAML Identity Providers
SAML (Security Assertion Markup Language) is an XML-based framework that allows identity and attribute information to be securely exchanged between systems. It enables your organization to assert the identity of users across systems without requiring multiple logins.
Popular SAML Identity Providers (IDPs)
If you have not yet implemented a SAML IDP, here are some example products:
- Microsoft Azure
- Active Directory Federation Services (ADFS)
- Okta
- SimpleSAMLphp
- Shibboleth OpenSAML-Java
- EasyConnect
- ForgeRock OpenAM
- Ping Identity
- Auth0
- OneLogin
- PingFederate
Comments
Please sign in to leave a comment.