By default, the LMS provides a standard login feature enabling Users to log in using a username and password.
Usernames are unique to the LMS client installation and can be alphanumeric or an email address.
Passwords are stored as a secure one-way salted hash so that they cannot be retrieved.
Password rules are configurable to include minimum length, number of alphanumeric characters, number of login attempts and ability to define a regular expression to set specific format rules.
The advantage of this access option is that no specific configuration is required to log into the LMS. A disadvantage is that the User’s password is unique to the LMS and has to be managed separately by the User.
For the sign-on approaches listed below, the User does not need to maintain a password specific to the LMS but configuration is required to enable these alternative authentication mechanisms.
Single sign-on allows a User to navigate to the LMS from another client site (e.g. the User’s Intranet site account) without having to log into the LMS explicitly. The User must already be authenticated within their own site. This allows fluid transition between the client’s site and the LMS.
The LMS supports SSO via the SAML 2.0 standard.
The Security Assertion Mark-up Language (SAML) is an XML-based standard for exchanging authentication and authorisation data between security domains, that is, between an Identity Provider and a Service Provider. SAML is a product of the OASIS Security Services Technical Committee.
The Service Provider relies on the Identity Provider (client) to identify the principal. At the principal's request, the Identity Provider passes a SAML assertion to the Service Provider (The LMS). Based on the SAML assertion, the LMS can then authenticate the User.
Same sign-on is a mechanism by which a User arrives at the LMS login page but enters the same credentials as they would for their client system (e.g. their Intranet login credentials).
When these credentials are entered into the LMS login page they are passed to a client web service to authenticate. The client system responds with an authentication response which allows login to the LMS if authentication is successful.
The advantage of this login mechanism is that the User only has a single username and password for their client system and for the LMS.
Note that it is possible to have a mix of same sign-on and standard login Users within the LMS if required.