Single Sign On (SSO) method allows your learners to access eduMe without the need to create or sign in to another account.
Consider the following factors when making a decision about this method:
- Learners can access the content only when they have your company’s accounts. You can disable access when offboarding learners.
- Learners don’t have to create separate log in credentials and maintain them.
- You can share one standard link with all learners.
- If your SSO system supports additional security features such as multi-factor authentication, these can be used to secure your users' access to eduMe as well.
- You may require some development effort to implement this authentication method. Refer to the Setting up SSO section for more details.
- Available on web and app.
Setting up SSO
The integration is based on Authorization Code based OAuth flow, and an additional API request required to get basic user information from your systems.
Here’s the information we’ll need in order to set up SSO links:
|client_id||OAuth Client ID you create for eduMe in your systems|
|client_secret||OAuth Client Secret you create for eduMe in your systems|
|login_url||Your SSO login page to which we redirect users for signing in. More specifically the base URL to which we add the required parameters: response_type=code, client_id, redirect_url, scope, and state|
|get_token_url||Your authorization server's token endpoint which allows us to get a bearer token from authorization code|
|get_user_url||Endpoint to get a user (using the token as auth)|
|user_fields||Listing of which fields in the get user response to extract basic user information from|
|company_name||(Optional) Override how your company is referred to when presenting the users with a link saying "Sign in with your account"|
Note: eduMe supports OAuth2 and SAML based SSO.
Depending on whether your systems are based on a commercially available identity product that already supports OAuth2, or if they are bespoke systems, you need to do different things.
In the former case, you may need to just configure eduMe as a new SSO client, creating the ID and secret listed above, whereas in the latter you will likely need to integrate additional libraries to your systems to support OAuth2.
SSO with direct access to a course
Here's a short video demonstrating the learner experience directly accessing eduMe content via SSO using Google as the Identity Provider. This illustrates the open sign-up user experience where the learner has received an email or other notification containing the course link.
SSO with access to a team
In this video, we look at a different learner experience where a learner accesses content which is assigned to them by their membership of an eduMe team. Again, the example uses Google as the Identity Provider. This illustrates the open sign-up user experience where the Learner has received an email or other notification containing the team link.
If you have any questions on SSO authentication, contact firstname.lastname@example.org or your customer success manager.