Itslearning provides a range of SSO and authentication options.

These are licensed services, available upon request to your local itslearning team.

On these pages, we provide some reference information on these services, focusing on the steps required to set up on the customer end.

Please note that user provisioning with either IMS Enterprise XML or the IMS Enterprise Services API is a practical prerequisite for a well-functioning SSO.


eLogin

eLogin is itslearning's component for authentication with external systems. It supports multiple authentication protocols, including SAML 2.0 and OIDC (please see further details below). Older protocols such as LDAP and CAS are also supported.

We have ready-to-use integrations with several national federations and identity solutions and can work with any SAML 2.0 federation using a hub-and-spoke infrastructure. Examples include, but are not limited to, Feide and ID-porten in Norway, wayf.dk and Unilogin in Denmark, MPASSid in Finland and SURFconext in the Netherlands.

A typical implementation project consists of the following steps:

  1. Choice of authentication protocol
  2. Choice of user attributes to be used in the SSO process. itslearning does not provision user accounts from SSO, so for a user to be able to log in, the account must be pre-provisioned.
  3. Setup of the SSO in a test environment
  4. Verification and acceptance
  5. Deployment in production environment

SAML 2.0

itslearning SAML 2.0 Service Provider metadata

The metadata sets below are proven to work with most SAML 2.0 compliant IdPs. We have other SP metadata available if needed.

Production environment:

https://eu1.itslearning.com/integrations/SamlMetadata/EU1/itslearning_saml2v2_SP_metadata_prod_eu1_v3.xml

Test environment:

https://www.itslintegrations.com/integrations/SamlMetadata/T2/itslearning_saml2v2_SP_metadata_itslintegrations.xml

Customer-side configuration tutorials:

OpenID Connect (OIDC)

The information about itslearning that is needed when doing the setup on the OpenID provider side is listed below. The <domain> part will be clarified together with an itslearning consultant during the setup process.

| Parameter | Value |
| --- | --- |
| Authorize endpoint (sometimes named redirect_uri) | <domain>/elogin/openidconnect/authorize |
| Logout endpoint | <domain>/elogin/openidconnect/logout |
| Front channel logout (logout initiated by the IDP) | <domain>/elogin/openidconnect/frontchannellogout |
| Client authentication method | "ClientSecretPost" or "PrivateKeyJwt" |
| Response type | "code" |
| Response mode | "query" |
| Grant type | "authorization_code" |
| Scope | "openid" |

A UserInfo endpoint is also supported for retrieving additional claims.

In return, itslearning will need the required parameters from the OpenID Provider's "well-known" URL, together with a ClientID and ClientSecret.
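
Before handing over the "well-known" URL, the customer side can check that the OpenID Provider's discovery document advertises the settings listed in the table above. The following is an added example, not itslearning code: the function name, the sample documents and the mapping of "ClientSecretPost"/"PrivateKeyJwt" to the standard identifiers `client_secret_post`/`private_key_jwt` are assumptions.

```python
# Requirements from the parameter table above. Mapping the page's
# "ClientSecretPost"/"PrivateKeyJwt" to the standard OIDC identifiers
# client_secret_post/private_key_jwt is an assumption of this example.
REQUIRED = {
    "response_types_supported": {"code"},
    "response_modes_supported": {"query"},
    "grant_types_supported": {"authorization_code"},
    "scopes_supported": {"openid"},
    "token_endpoint_auth_methods_supported": {"client_secret_post", "private_key_jwt"},
}
# Values OpenID Connect Discovery 1.0 assumes when a provider omits the field.
SPEC_DEFAULTS = {
    "response_modes_supported": ["query", "fragment"],
    "grant_types_supported": ["authorization_code", "implicit"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
}
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(doc):
    """Return a list of problems; an empty list means the provider looks compatible."""
    problems = []
    for field, accepted in REQUIRED.items():
        advertised = doc.get(field, SPEC_DEFAULTS.get(field))
        if advertised is None:
            problems.append(f"{field}: not advertised")
        elif not accepted & set(advertised):
            problems.append(f"{field}: none of {sorted(accepted)} in {advertised}")
    for name in ENDPOINTS:
        if not str(doc.get(name, "")).startswith("https://"):
            problems.append(f"{name}: missing or not https")
    return problems


# Constructed sample discovery documents; idp.example is a placeholder host.
GOOD = {
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
    "jwks_uri": "https://idp.example/jwks",
    "response_types_supported": ["code", "id_token"],
    "scopes_supported": ["openid", "profile"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
}
# Same provider, but it omits the auth-method list (so the spec default
# client_secret_basic applies) and publishes a plain-http token endpoint.
BAD = {k: v for k, v in GOOD.items() if k != "token_endpoint_auth_methods_supported"}
BAD["token_endpoint"] = "http://idp.example/token"
```

In practice the dictionary passed to `check_discovery` would be the parsed JSON fetched from the provider's own discovery URL.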