By default, Unicorn LMS provides a standard login feature enabling Users to login to the LMS using a username and password.
Usernames are unique to the Unicorn LMS client installation and can be alphanumeric or an email address.
Passwords are stored as a secure one-way salted hash so that they cannot be retrieved.
Password rules are configurable to include minimum length, number of alphanumeric characters, number of login attempts and ability to define a regular expression to set specific format rules.
The advantage of this access option is that no specific configuration is required to log into the Unicorn LMS. A disadvantage is that the User’s password is unique to the Unicorn LMS and has to be managed separately by the User.
For the sign-on approaches listed below, the User does not need to maintain separate passwords but configuration is required to enable these alternative authentication mechanisms.
Single sign-on allows a User to navigate to the Unicorn LMS from another client site (e.g. the User’s Intranet site) without having to log into the Unicorn LMS explicitly. The User must already be authenticated within their own site. This allows fluid transition between the client’s site and the Unicorn LMS.
The Unicorn LMS supports single sign-on via the SAML 2.0 standard.
The Security Assertion Mark-up Language (SAML) is an XML-based standard for exchanging authentication and authorisation data between security domains, that is, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.
The service provider relies on the identity provider (client) to identify the principal. At the principal's request, the identity provider passes a SAML assertion to the service provider (Unicorn LMS). Based on the SAML assertion, the Unicorn LMS can then authenticate the User.
Same sign-on is a mechanism by which a User arrives at the Unicorn LMS login page but enters the same credentials as they would for their client system (e.g. their Intranet login credentials).
When these credentials are entered into the Unicorn LMS login page they are passed to a client web service to authenticate. The client system responds with an authentication response which allows login to the Unicorn LMS if authentication is successful.
The advantage of this login mechanism is that the User only has a single username and password for their client system and for the Unicorn LMS.
Note that it is possible to have a mix of Same Sign-on and standard login Users within the Unicorn LMS if required.