Use Okta as an identity provider (IdP) for a seamless login for learners
Okta is an easy-to-use cloud identity management provider: https://www.okta.com
Okta's integration provides Single Sign-On (SSO) capacity:
- Users create a single set of credentials with Okta
- Okta lets users log in to many applications, including LearnUpon, with these credentials
- Okta keeps users' login details separate from their LearnUpon usage data
So, Okta never "sees" or records what courses users take, or their course outcomes. The Okta integration only provides access to their LearnUpon account. Adding Okta as a login option means LearnUpon admins can manage users in a centralized location.
Access permissions
The admin setting up the integration requires access to an Okta admin account.
Prerequisites
To set up Okta SAML SSO you need:
- SAML SSO turned on for your portal
- any related custom user data fields set up in LearnUpon
Setting up Okta
From your Okta Administrator Dashboard Developer Console:
- Select Classic UI from the dropdown in the upper-left
From your Okta Administrator Dashboard Classic UI:
- Select Add Applications
Select the green Create new app button:
- Platform: Web
- Sign on method: SAML 2.0
- Select Create
On the Create SAML Integration General Settings page you can:
- Set an App Name (required)
- Upload an App Logo (optional)
- Select Next
On the Create SAML Integration Configure SAML page:
- Enter your LearnUpon portal SAML Entry Point into the Single Sign On URL field (required)
https://subdomain.learnupon.com/saml/consumer
- Enter an Audience URI (required)
learnupon.com
- Specify a Default RelayState
- Update the NameID Format
- Update the Application Username (NameID)
- Update Response Algorithms and Signatures
- Specify a Digest Algorithm as SHA-1 (required)
- Specify Attribute Values with Names, Formats, and Values
- Specify Group Attribute Values with Names, Formats, and Filters
- View a Preview SAML Assertion
Progress through the Create SAML Integration Feedback page.
On the Application > Sign On tab:
- Select View Setup Instructions under the SAML 2.0 Warning
On the Setup Instructions page you can:
- View Identity Provider Details
- Download X.509 Certificate (required)
- Extract the SHA-1 Fingerprint of the certificate using the command line or an online tool
On the Application > Sign on tab:
- Scroll to SAML 2.0 and select More details to expand the list
- Copy the Sign on URL
- Use this URL in your portal SSO setup: go to Settings > Integrations > Single Sign On - SAML > General Settings > Identity Provider Location (IDP SSO Target URL)
See Set up SAML SSO for your portal > Complete general settings for background.
The following screenshot shows the location of the SAML 2.0 options in Okta.
This concludes the basic setup in Okta. Navigate to your LearnUpon portal to continue setup.
The Import and Assignments pages contain additional settings for user assignments but are not required for setup.
Redirect URI
You can set a redirect_uri parameter with SSO to redirect SSO users to a specific web address after they log in.
Redirect the user to your catalog
https://yourportal.learnupon.com/saml/init?redirect_uri=/catalog
Redirect to a specific course on the catalog
https://yourportal.learnupon.com/saml/init?redirect_uri=/catalog/{course_id}
This example requires the destination course's ID in LearnUpon. To access course IDs:
- extract {course_id} using LearnUpon's API
- view course IDs in the application
See Find help: find and copy identifiers from your portal
Launch a specific course for the user
https://yourportal.learnupon.com/saml/init?redirect_uri=/enrollments/{enrollment_id}
This example requires the enrollment ID that you want to launch: the application generates this identifier when you enroll users. To access enrollment IDs:
- extract {enrollment_id} using LearnUpon's API
- view enrollment IDs in the application.
See Find help: find and copy identifiers from your portal
Tip: To launch the course description page when the enrollment starts, add %3Fvd%3D1 to the end of your redirect_uri, which sends LearnUpon a redirect parameter of ?vd=1.
Redirect the user to your store
https://yourportal.learnupon.com/saml/init?redirect_uri=/store
Redirect to a specific course on the store
https://yourportal.learnupon.com/saml/init?redirect_uri=/store/{course_id}
This example requires the destination course's ID in LearnUpon. To access course IDs:
- extract {course_id} using LearnUpon's API
- view course IDs in the application
See Find help: find and copy identifiers from your portal
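The redirect links above, including the percent-encoding from the tip, can be generated with a small helper. This is an added example, not LearnUpon's own code: the function name `build_sso_link`, the ID values, and the rule that only portal-relative paths are accepted are assumptions of this example.

```python
from urllib.parse import quote, urlsplit


def build_sso_link(portal_host, redirect_path):
    """Build a /saml/init link that lands the user on redirect_path after SSO.

    redirect_path is portal-relative, for example "/catalog/42" or
    "/enrollments/1001?vd=1" (IDs here are constructed sample values).
    """
    parts = urlsplit(redirect_path)
    # Assumption of this example: only same-portal paths are accepted, so
    # absolute URLs ("https://...") and scheme-relative ones ("//host") fail.
    if parts.scheme or parts.netloc or not redirect_path.startswith("/"):
        raise ValueError("redirect_uri must be a portal-relative path")
    # Backslashes and control characters are ambiguous in URL paths.
    if "\\" in redirect_path or any(ord(c) < 0x20 for c in redirect_path):
        raise ValueError("redirect_uri contains unsafe characters")
    # Keep "/" readable, but encode "?", "=" and "&" so a query such as
    # "?vd=1" stays inside redirect_uri instead of becoming a parameter
    # of /saml/init itself.
    encoded = quote(redirect_path, safe="/")
    return f"https://{portal_host}/saml/init?redirect_uri={encoded}"


if __name__ == "__main__":
    host = "yourportal.learnupon.com"
    for path in ("/catalog", "/store/42", "/enrollments/1001?vd=1"):
        print(build_sso_link(host, path))
```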
Disable login page
See: Set up SAML SSO for your portal
If you select Disable portal login page in Settings > Integrations > SAML SSO > General Settings, you can still access the portal login page by adding users/sign_in?no_sso=true to the standard portal URL. For example:
https://yourportal.learnupon.com/users/sign_in?no_sso=true
Note: when you log in through SSO, you are authenticated for a single portal, rather than all your portals.
The portal switcher in your top navigation bar shows only the portals where you are already logged in. To retain access to all your portals through the portal switcher, log in through the LearnUpon sign-in page by adding the users/sign_in?no_sso=true suffix to your portal URL.
Next steps with SAML SSO
See SAML SSO: send default and custom user data to LearnUpon for details on setting up additional customization for learners to improve their learning experience.