TalentLMS v2.0 was released on Sunday the 30th of March, and with it came a number of important updates to make the administrator’s life easier, and the system more efficient for everyone. One of the features added was integration with Single Sign-On; let’s take a look at the properties, uses and benefits of SSO in a Cloud LMS environment.
Understanding Single Sign-On (SSO)
Consider how often you need to provide your credentials to access various services such as your company’s network, your webmail, your cloud apps and your favorite web application. Now consider that all these services can ask a central authentication service for your identity and let you in. This is the main idea behind Single Sign-On (SSO) and Federated Identity Management (FID).
The term Single Sign-On refers to the ability to access multiple resources with a single login operation. All you need to do is provide your credentials to an Identity Provider (IdP) once and then let the Service Provider (SP) request your identity each time you need to authenticate yourself. So you provide your username and password a single time to the Identity Provider, and then gain access to various services (such as TalentLMS) without having to provide your username and password again. Your identity is stored and managed by the Identity Provider, and when you wish to log in to a Service Provider, instead of providing your credentials, the Service Provider trusts the Identity Provider to validate your credentials and send back your authorization token, which will let you in. Federated Identity Management (FID) is in fact the concept of storing and managing your identity in a single location, the Identity Provider.
TalentLMS supports SSO and can act as a Service Provider (SP) through SAML 2.0 (Security Assertion Markup Language), which allows the exchange of authorization data between TalentLMS (SP) and the Identity Provider (IdP).
TalentLMS supports a variety of Identity Providers such as:
- SAML 2.0 IdP
- Active Directory through ADFS 2.0
- Feide OpenIdP
Benefits of Single Sign-On
Utilizing the SSO service for your TalentLMS domain provides time-saving and financial benefits.
- Reduces the need to remember an excessive number of usernames and passwords. In a corporate environment the user needs to remember only one set of credentials to access various resources inside and outside the organization’s network.
- Increases productivity by avoiding re-entering your password to authenticate yourself to various resources again and again.
- Reduces IT costs through fewer help-desk requests for password resets.
- Centralized identity management allows quick and full control of each user.
Single Sign-On Scenarios
The figure below illustrates the process by which you can log in to your TalentLMS domain through the SSO service in the case where the Identity Provider is hosted in your company’s network. This scenario is commonly referred to as SP-initiated login, meaning that your starting point is the Service Provider (TalentLMS).
In the next figure you can see the login process from an independent Identity Provider such as OneLogin. This scenario is commonly referred to as IdP-initiated login. OneLogin as well as other similar Identity Providers (such as Okta, Centrify) maintain a huge list of SSO-enabled web applications. One of them is TalentLMS. The usual scenario is to log in to the Identity Provider and click on the TalentLMS App tile in your App library.
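The two scenarios above differ in one field a Service Provider can check: an SP-initiated response carries the ID of the request the SP sent, while an IdP-initiated response carries none. The following is an added example, not TalentLMS code; it assumes the SAML 2.0 HTTP-Redirect binding, uses constructed endpoint URLs, and leaves out XML signature validation, which a real SP performs before trusting any response.

```python
import base64
import urllib.parse
import uuid
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical endpoints, constructed for this example.
SP_ENTITY_ID = "https://example.talentlms.invalid/sp"
SP_ACS_URL = "https://example.talentlms.invalid/acs"
IDP_SSO_URL = "https://idp.example.invalid/sso"


def build_redirect(pending, issue_instant="2024-01-01T00:00:00Z"):
    """SP side: create an AuthnRequest, remember its ID, return the IdP URL."""
    request_id = "_" + uuid.uuid4().hex
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    pending.add(request_id)
    return f"{IDP_SSO_URL}?{query}", request_id


def decode_redirect(url):
    """IdP side: recover the AuthnRequest element from the redirect URL."""
    qs = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(raw, wbits=-15))


def classify_response(response_xml, pending):
    """SP side: tie a Response to a request we sent, or flag it as unsolicited."""
    in_response_to = ET.fromstring(response_xml).get("InResponseTo")
    if in_response_to is None:
        return "idp-initiated"           # unsolicited: no request to correlate
    if in_response_to in pending:
        pending.discard(in_response_to)  # one-time use blocks replay
        return "sp-initiated"
    return "rejected"                    # unknown or already-used request ID
```

An SP that only expects SP-initiated logins can treat the "idp-initiated" result as a rejection as well.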
Configuring Single Sign-On on TalentLMS
TalentLMS provides detailed guidelines for configuring your domain to provide SSO services. Follow the link below to our support and knowledge base:
Single Sign On (SSO) knowledge base