Status

Single sign on (SSO)

Modified on Tue, 9 Jul at 9:32 AM

Single sign on (SSO in short) enables end users to log in just once, and be granted access automatically to multiple other applications and resources for which the same (delegated) access has been set up. Frequently used for this today are SSOs based on Office 365, Google or Facebook. The account that you have at one of those providers, might be used to gain access to other applications that have been set up to allow that.

The main reasons for organizations to set up an SSO, are:

  • Convenience for the end user (you only need to remember 1 username and password).
  • More control over the login procedure, making the network more secure.


Types of SSO

Below you find a summary of the types of SSO that have been set up and are supported by Courseware.

Protocol/methodPeopleFluent LMSTotara
SAML (TCC preferred solution)VV
CAS
V
LDAPVV
OpenID/OAUTH 2.0VV


User Provisioning

User Provisioning allows an organization to make user data available to multiple applications. Although in some cases, this can be facilitated in the Single Sing On process, this is not regarded as SSO.

By default, the User Provisioning option will not be set up. TCC's way of working is to create the users asynchronously on the basis of a CSV-file containing the desired user information. The main reason is that this allows us to import more data fields than only those required for logging in.

PeopleFluent LMS - importing user data

In the case of the PeopleFluent LMS, we will ask the customer to periodically place a CSV-file on a location on our server. From there, the file will be picked up by the daily system processes. The file should be formatted in the same way as a dataloader file that could be uploaded manually via the dataloader.


Totara - HR-import

In the case of Totara, we will ask the customer to periodically place CSV-files (e.g. users, positions and organizations) on a location on our server. From there, the files will be picked up as part of the CRON-jobs.

 

Glossary

Term

Description
SAMLSecurity Assertion Markup Language is an XML-based standard for exchanging authentication and authorization data between domains.
CASThe Central Authentication Service is a single sign-on protocol for the web.
SSOSingle Sign-on
LDAPLightweight Directory Access Protocol is a network protocol that describes how data from directory services should be approached over e.g. TCP/IP.
OpenIDOpenID is a decentralized authentication mechanism to enable Single Sign On on the Internet. 
OAuthOpen Authorization is an open standard for authorization.
ADFSActive Directory Federation Services is a Single Sign-On solution created by Microsoft.
AzureMicrosoft Azure Platform is a cloud computing platform from Microsoft through which a number of internet services can be offered via the internet or within the company's network.
IdP

Identity Provider is the party (the system) that contains the identities of the users. This system provides the identities to the SP.

This is the SAML Authority.

If the workflow from the SAML protocol is started from the IdP, this is called IdP initiated.

As a rule, this is the customer's system!

SP

The Service Provider is the party (the system) onto which login is provided by means of an authenticated identity from another party (IdP). This system uses the identities from the other system to allow login and enforce authorization.

This is the SAML Consumer.

If the workflow from the SAML-protocol is started from the SP, this is called SP initiated.

As a rule, this is the system at the learning environment side!

LMSLearning Management Systeem


 

Standard protocol TCC

The standard protocol used by Courseware to set up SSO to the customer's learning environment is SAML.

PeopleFluent LMS: The protocol can be applied in two variations:

  • For ADFS/Azure. In this case, we use Shibboleth as the SP.
  • For other SAML-compliant systems (e.g. OKTA, SIMS and Custodix). In this case, we use a custom connector developed by TCC.

Totara: The protocol is used based on the SimpleSAMLphp plugin.

Request to set up SSO

Requesting to set up SSO is always done via a consultant. SSO can be requested during an implementation or at a later time. Are you interested in using SSO? Please contact your consultant or account manager for the next step in the process.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article