Introduction
All users accessing Civica Learning, either via the Web learner portal or Mobile Learning Apps, must login. There are two modes of operation:
- Forms authentication. Where usernames and passwords are supplied and authentication occurs directly against the Civica Learning user store.
- SSO authentication. Where an external, trusted identity provider (IdP) handles the authentication in a federated manner. A common example is a corporate Active Directory accessed via Active Directory Federation Services (AD FS) or an alternate federated identity provider such as PingFederate. In SSO scenarios, authentication is handled by the external system and only when authentication is successful is a token provided to Civica Learning, which allows the user to access the system. In addition to the user identifier, the token typically contains other claims corresponding to the user’s group membership for example. The number and types of claims provided in the token, and how these are used by Civica Learning, is determined by the IdP configuration and the SSO integration configuration.
What external, federated identity providers does Civica support for SSO purposes?
Civica Learning supports a wide range of federated identity provides including Microsoft Active Directory Federation Services (AD FS), PingFederate, Yandex, Vkontakte, Microsoft Azure AD, SalesForce, Box, Amazon, and several other providers including social providers including LinkedIn, Twitter, Google and Facebook.
How are passwords stored and protected?
In SSO mode, no passwords are maintained by the Civica Learning lms because no authentication occurs directly against the platform. The lms is presented with a token following successful authentication against the external federated identity provider.
Configuring SSO authentication
The Civica Learning support team will configure the SSO connection for your lms as part of system implementation. To complete the setup we will require you to perform various preparatory steps. The exact steps will depend on the IdP that you are using with the system.
In addition to sign-on, with some providers the lms can also provision user accounts in the lms on first user login, and update user profiles each time a user subsequently logs in. This requires additional configuration by the Civica Learning support team, and depending on your IdP, may require additional configuration in your on-premises (or otherwise controlled by you) systems.
Please follow the links below for more details on the steps necessary, and the information required, to configure SSO with some of the common IdPs that we integrate with.
- How To: Use AD FS as the IdP for SSO
- How To: Use Azure AD as the IdP for SSO
- How To: Use Active Directory as the IdP for SSO (without AD FS / with LDAP connector)
If your IdP is not included in this list, please contact us, as we can normally support other IdPs in addition to those listed above.
Related
- How To: Use AD FS as the IdP for SSO
- How To: Use Azure AD as the IdP for SSO
- How To: Use Active Directory as the IdP for SSO (without AD FS / with LDAP connector)
Comments
0 comments
Please sign in to leave a comment.