ClearCompany Learning: Single Sign On Information

Follow

This article provides detailed instructions on how to configure and implement Single Sign-On (SSO) for ClearCompany Learning using the industry-standard SAML 2.0 protocol. SSO enables users to access the Learning Management System (LMS) without needing a separate username and password by authenticating through your organization’s Identity Provider (IDP).

Note:

ClearCompany strongly recommends working with your IT team during this process, as the configuration involves technical settings on both sides.

In this article:
Overview
SSO Setup Process Overview
Required SAML Attributes
Setting Up Single Sign-On
SAML Identity Providers
Additional Configuration Guides

Overview

ClearCompany Learning uses built-in SAML 2.0 Service Provider (SP) capabilities to support SSO. Your organization’s Identity Provider (IDP) will authenticate users and pass the necessary attributes to the LMS, allowing seamless user access. The overall setup includes:

  • Reviewing the latest documentation.
  • Sharing your metadata file with ClearCompany Learning.
  • Finalizing the SSO configuration.
  • Testing and troubleshooting.

Note:

Single Sign-On information in this article is relevant for ClearCompany Learning organizations only. For information, reach out to ClearCo.


SSO Setup Process Overview

Use the steps below to set up single sign-on (SSO) with ClearCompany Learning:

  1. Share the metadata XML file from your SAML 2.0 identity provider (IdP) with ClearCompany.
  2. ClearCompany learning will use this to configure the LMS as a Service Provider (SP). This setup generates your unique Assertion Consumer Service (ACS) / reply URL. The ACS URL is the endpoint where your identity provider sends authentication responses.
  3. ClearCo will then send back a finalized metadata file for your team to use.
  4. ClearCompany learning will conduct testing and help resolve any issues.

Turnaround time will be confirmed after we receive your IDP metadata.

Required SAML Attributes

To authenticate users successfully, your IdP must send one of the following attribute sets.

Required Attributes:

  1. Service Provider (SP) Entity ID (Identifier): ElanServiceProvider.
  2. Assertion Consumer Service (ACS) / Reply URL: Generated after we receive your IdP metadata.
  3. Required User Identifier
    • Option One: Username Match
      • Use this option if you know the usernames in ClearCompany Learning.
      • elan_username (must be an exact match with the username in the learning platform). 
    • Option Two: Name and Email Match
      • Use this option if usernames are unknown
        • elan_first_name
        • elan_last_name
        • elan_email
      • How matching works
        • We look for a user who matches all provided attributes.
        • If exactly one match is found, the user signs in.
        • If no matches or multiple matches are found, access is denied.
        • Exact matching helps prevent duplicate accounts and ensures secure access.
  4. Optional Attributes: 
    • TargetUrl: Redirects the user to a specific page after sign-in. If not provided, the user lands on the dashboard.
    • object_id: Passes a specific object ID.
    • batch_id: Passes a specific assignment batch ID.
    • User Auxiliary fields (example: Employee number): Supported if your organization uses a User Auxiliary Field. For more information, refer to: ClearCompany Learning: Auxiliary Fields.
  5. IdP-initiated and SP-initiated SSO are both supported. Most organizations use IdP-initiated sign-in, where users open ClearCompany Learning from their SSO portal.

Note

  • Just-in-time (JIT) provisioning is not supported. Users must already exist in the LMS before they can sign in with SSO.
  • ClearCo supports signing certificates only. Your IdP metadata XML includes the signing certificate, which we import during configuration.

Setting Up Single Sign-On

Single Sign-On (SSO) is built into the learning platform by default, and it enables users authenticated to an external system to access the learning platform directly.

To proceed:

  • Your IT team must configure a SAML 2.0-compliant Identity Provider (IDP).
  • When ready, send your IDP’s metadata to support@clearcompany.com.
Setting SSO Guide

To configure Single Sign-On in the learning platform:

  1. From the administration dashboard, click Settings, then click Options. (click image to enlarge)

    Options Choice.png 

  2. Click Integrations.

    Integrations.png 

  3. Navigate to the "SAML 2.0 Single Sign-On" option.

    Brainier SSO.png 

  4. Send the metadata XML from your SAML 2.0 IDP.
  5. ClearCompany Learning will configure the service provider and send you the finalized metadata.
  6. Your team will test the SSO setup, and ClearCompany Learning will assist with follow-up steps.

SAML Identity Providers

SAML (Security Assertion Markup Language) is an XML-based framework that allows identity and attribute information to be securely exchanged between systems. It enables your organization to assert the identity of users across systems without requiring multiple logins.

Popular SAML Identity Providers (IDPs)

If you have not yet implemented a SAML IDP, here are some example products:

Additional Configuration Guides

ADFS SAML 2.0 IDP Config Guide for Brainier Elan LMS
Azure SSO Config Guide
Okta SSO Config Guide

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.