Status
Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Single sign on (SSO)

            Modified on Tue, 9 Jul at 9:32 AM

            Single sign on (SSO in short) enables end users to log in just once, and be granted access automatically to multiple other applications and resources for which the same (delegated) access has been set up. Frequently used for this today are SSOs based on Office 365, Google or Facebook. The account that you have at one of those providers, might be used to gain access to other applications that have been set up to allow that.

            The main reasons for organizations to set up an SSO, are:

            • Convenience for the end user (you only need to remember 1 username and password).
            • More control over the login procedure, making the network more secure.


            Types of SSO

            Below you find a summary of the types of SSO that have been set up and are supported by Courseware.

            Protocol/methodPeopleFluent LMSTotara
            SAML (TCC preferred solution)VV
            CAS
            		V
            LDAPVV
            OpenID/OAUTH 2.0VV


            User Provisioning

            User Provisioning allows an organization to make user data available to multiple applications. Although in some cases, this can be facilitated in the Single Sing On process, this is not regarded as SSO.

            By default, the User Provisioning option will not be set up. TCC's way of working is to create the users asynchronously on the basis of a CSV-file containing the desired user information. The main reason is that this allows us to import more data fields than only those required for logging in.

            PeopleFluent LMS - importing user data

            In the case of the PeopleFluent LMS, we will ask the customer to periodically place a CSV-file on a location on our server. From there, the file will be picked up by the daily system processes. The file should be formatted in the same way as a dataloader file that could be uploaded manually via the dataloader.


            Totara - HR-import

            In the case of Totara, we will ask the customer to periodically place CSV-files (e.g. users, positions and organizations) on a location on our server. From there, the files will be picked up as part of the CRON-jobs.

             

            Glossary

            Term

            		Description
            SAMLSecurity Assertion Markup Language is an XML-based standard for exchanging authentication and authorization data between domains.
            CASThe Central Authentication Service is a single sign-on protocol for the web.
            SSOSingle Sign-on
            LDAPLightweight Directory Access Protocol is a network protocol that describes how data from directory services should be approached over e.g. TCP/IP.
            OpenIDOpenID is a decentralized authentication mechanism to enable Single Sign On on the Internet. 
            OAuthOpen Authorization is an open standard for authorization.
            ADFSActive Directory Federation Services is a Single Sign-On solution created by Microsoft.
            AzureMicrosoft Azure Platform is a cloud computing platform from Microsoft through which a number of internet services can be offered via the internet or within the company's network.
            IdP

            Identity Provider is the party (the system) that contains the identities of the users. This system provides the identities to the SP.

            This is the SAML Authority.

            If the workflow from the SAML protocol is started from the IdP, this is called IdP initiated.

            As a rule, this is the customer's system!

            SP

            The Service Provider is the party (the system) onto which login is provided by means of an authenticated identity from another party (IdP). This system uses the identities from the other system to allow login and enforce authorization.

            This is the SAML Consumer.

            If the workflow from the SAML-protocol is started from the SP, this is called SP initiated.

            As a rule, this is the system at the learning environment side!

            LMSLearning Management Systeem


             

            Standard protocol TCC

            The standard protocol used by Courseware to set up SSO to the customer's learning environment is SAML.

            PeopleFluent LMS: The protocol can be applied in two variations:

            • For ADFS/Azure. In this case, we use Shibboleth as the SP.
            • For other SAML-compliant systems (e.g. OKTA, SIMS and Custodix). In this case, we use a custom connector developed by TCC.

            Totara: The protocol is used based on the SimpleSAMLphp plugin.

            Request to set up SSO

            Requesting to set up SSO is always done via a consultant. SSO can be requested during an implementation or at a later time. Are you interested in using SSO? Please contact your consultant or account manager for the next step in the process.


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0