Single sign on (SSO)

Modified on Thu, 29 Dec 2022 at 04:08 PM

Single sign on (SSO for short) lets end users log in just once and then automatically be granted access to multiple other applications and resources for which the same (delegated) access has been set up. SSO based on Office 365, Google or Facebook is frequently used for this today: the account that you have at one of those providers can be used to gain access to other applications that have been set up to allow that.

The main reasons for organizations to set up SSO are:

  • Convenience for the end user (you need to remember only 1 username and password).
  • More control over the login procedure, making the network more secure.


Types of SSO

Below is a summary of the types of SSO that have been set up and are supported by The Courseware Company (TCC).

Protocol/method | PeopleFluent LMS | Totara
SAML (TCC preferred solution) | V | V
CAS | | V
LDAP | V | V
OpenID/OAuth 2.0 | V | V


User Provisioning

User Provisioning allows an organization to make user data available to multiple applications. Although in some cases this can be facilitated as part of the Single Sign On process, it is not regarded as SSO.

By default, the User Provisioning option will not be set up. TCC's way of working is to create the users asynchronously on the basis of a CSV-file containing the desired user information. The main reason is that this allows us to import more data fields than only those required for logging in.

PeopleFluent LMS - importing user data

In the case of the PeopleFluent LMS, we will ask the customer to periodically place a CSV-file on a location on our server. From there, the file will be picked up by the daily system processes. The file should be formatted in the same way as a dataloader file that could be uploaded manually via the dataloader.

Totara - HR-import

In the case of Totara, we will ask the customer to periodically place CSV-files (e.g. users, positions and organizations) on a location on our server. From there, the files will be picked up as part of the CRON-jobs.

 

Glossary

Term | Description
SAML | Security Assertion Markup Language is an XML-based standard for exchanging authentication and authorization data between domains.
CAS | The Central Authentication Service is a single sign-on protocol for the web.
SSO | Single Sign-on
LDAP | Lightweight Directory Access Protocol is a network protocol that describes how data from directory services should be accessed over e.g. TCP/IP.
OpenID | OpenID is a decentralized authentication mechanism to enable Single Sign On on the Internet.
OAuth | Open Authorization is an open standard for authorization.
ADFS | Active Directory Federation Services is a Single Sign-On solution created by Microsoft.
Azure | Microsoft Azure Platform is a cloud computing platform from Microsoft through which a number of internet services can be offered via the internet or within the company's network.
IdP | Identity Provider is the party (the system) that contains the identities of the users. This system provides the identities to the SP. This is the SAML Authority. If the workflow from the SAML protocol is started from the IdP, this is called IdP initiated. As a rule, this is the customer's system!
SP | The Service Provider is the party (the system) onto which login is provided by means of an authenticated identity from another party (IdP). This system uses the identities from the other system to allow login and enforce authorization. This is the SAML Consumer. If the workflow from the SAML protocol is started from the SP, this is called SP initiated. As a rule, this is the system at the learning environment side!
LMS | Learning Management System
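
The IdP initiated and SP initiated workflows from the glossary can be told apart at the SP by the InResponseTo attribute of the incoming SAML Response. The following is an added example, not code from TCC, PeopleFluent or Totara; the function name, request IDs and the lms.example URL are assumptions, and the sample responses are constructed and unsigned.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample responses, trimmed to the attributes this check reads.
# A real response also carries a signed assertion; signature, audience and
# validity checks belong to the SP's SAML library and are not shown here.
SP_INITIATED = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
    'InResponseTo="_req-7f3a" Destination="https://lms.example/acs"/>'
)
IDP_INITIATED = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r2" Version="2.0" '
    'Destination="https://lms.example/acs"/>'
)
UNKNOWN_REQUEST = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r3" Version="2.0" '
    'InResponseTo="_req-not-ours" Destination="https://lms.example/acs"/>'
)


def classify_response(xml_text, pending_request_ids, allow_idp_initiated):
    """Return (flow, accepted) for a SAML Response arriving at the SP.

    pending_request_ids is the set of AuthnRequest IDs this SP has sent
    and not yet seen answered (hypothetical session store).
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response element")
    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        # No request to correlate with: the IdP started the workflow.
        return "idp-initiated", allow_idp_initiated
    if in_response_to in pending_request_ids:
        # Consume the ID so the same response cannot be accepted twice.
        pending_request_ids.discard(in_response_to)
        return "sp-initiated", True
    # Claims to answer a request this SP never sent, or one already used.
    return "sp-initiated", False
```

An SP that only ever starts logins itself can pass allow_idp_initiated=False, so that unsolicited responses are refused outright.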


 

Standard protocol TCC

The standard protocol used by The Courseware Company to set up SSO to the customer's learning environment is SAML.

PeopleFluent LMS: The protocol can be applied in two variations:

  • For ADFS/Azure. In this case, we use Shibboleth as the SP.
  • For other SAML-compliant systems (e.g. OKTA, SIMS and Custodix). In this case, we use a custom connector developed by TCC.

Totara: The protocol is used based on the SimpleSAMLphp plugin.

Request to set up SSO

Requesting to set up SSO is always done via a consultant. SSO can be requested during an implementation or at a later time. Are you interested in using SSO? Please contact your consultant or account manager for the next step in the process.

