Single sign-on (SSO) allows a User to log in to the LMS from another location, for example your intranet, without having to enter additional login credentials.
The LMS implements the SAML 2.0 standard, which allows you to set up SSO with any system which also supports SAML such as ADFS or Azure AD.
See our guide on User access options for more information.
You can manage your own SAML SSO using SAML Configuration in Site Settings.
If you wish to use ADFS for your Identity Provider, you may refer to the document Configuring ADFS for the LMS SAML Single Sign On which will be shared with you during your site implementation.
Note: The Configuring ADFS for the LMS SAML Single Sign On document is a guide intended to assist rather than be exact instructions as we cannot account for every possible version of ADFS. Whilst we have only documented setting up a SAML SSO integration in ADFS, it should work with any system which supports a SAML 2.0 integration.
Configuring an Identity Provider
You will need to create an Identity Provider in the LMS in order to SSO from your system into the LMS. The simplest way to do this is to import SAML metadata using the Import Provider button. This will populate most of the required fields for you based on the settings of the system you want to set up an SSO link from. Alternatively, you can create an Identity Provider without using metadata by clicking the Add Provider button above the Identity Providers section and populating the fields manually.
You can export metadata from the LMS to import into your system by clicking the Export Metadata button.
Once you have created your Identity Provider by importing your metadata or manually by clicking the Add Provider button, you can upload the public certificate which will be used to verify the signatures created by your system.
You can download the LMS public certificate for signature verification in your system by clicking the Download Certificate link in the Identity Provider’s settings.
The rest of the settings will depend on the choices you have made about your SAML SSO integration and will need to correspond to how your Identity Provider system is configured. Contextual Help is provided for each of the options available.
Note: The Create User option is for internal testing purposes only. We recommend that you create Users in the LMS via a data feed, and that SHA256 or greater is used as a signature method.
Troubleshooting
Should you experience any errors during the implementation of your SAML SSO, the LMS provides a list of SAML related errors on the SAML Configuration page in Site Settings to help the troubleshooting process.