You can set up an SAML SSO on the platform with Okta.
The general process is as follows:
- add a custom URL to your platform;
- request the metadata URL;
- create an SAML custom app in Okta;
- send us the Okta setup instructions;
- wait for the green light.
1. Add a custom URL to your platform
See Customize the platform URL and keep « .360learning.com ».
In the following steps, we will call the part before « .360learning.com » the subdomain.
Example:
- In https://acme.360learning.com/home, the subdomain is « acme ».
2. Request the metadata URL
Once you’ve added a custom URL to your platform, send an email to your CSP or SA to request the metadata URL.
We will send you back a metadata URL that looks like this:
- https://app.360learning.com/api/sso/saml/acme/metadata
Notice the acme part towards the end of the URL. In Okta terms, this is called the SP Entity ID, and it will be needed to set up the application in Okta. In most cases, it will be identical to the subdomain.
Copy it somewhere; we’ll need it later.
3. Create an SAML custom app in Okta
Once you’ve received the metadata URL, create a new custom app in Okta.
- Go to the Okta admin dashboard (the URL should look like XXX-admin.okta.com/admin/dashboard)
- In the left panel, click Applications > Applications
- On the top, click Create App Integration
- Select SAML 2.0
- On the bottom right, click Next
3.1 General Settings
- In App name, enter the name for the app (for example: « 360Learning »)
- On the bottom right, click Next
3.2 Configure SAML
- In Single sign on URL, enter https://app.360learning.com/api/sso/saml/<SP-entity-ID>/postResponse
- In Audience URI, enter "https://app.360learning.com/"
- In Name ID format, select EmailAddress
- In Attribute Statements (optional), add the following statements
- On the bottom right, click Next
You can edit the other optional fields, if you know what you’re doing.
3.3 Feedback
Choose either option, then click Finish on the bottom right.
4. Send us the Okta setup instructions
Once you’ve created the custom app in Okta, send an email to your CSP or SA, with the Okta setup instructions, as well as the group ID on which you wish to use SSO, your choice on forced/mixed SSO, and user provisioning rules. The following sections detail each of those items.
4.1 Copy Okta setup instructions
When you’ve created the new application, Okta generates setup instructions that allow us to connect it to your platform.
- Go to the Okta admin dashboard (the URL should look like XXX-admin.okta.com/admin/dashboard)
- In the left panel, click Applications > Applications
- Click on the application created in the previous section
- On the top, click the section Sign On
- In the yellow section, click View Setup Instructions
- Copy and paste each field into the email for your CSP:
  - Identity Provider Single Sign-On URL;
  - Identity Provider Issuer;
  - X.509 Certificate (you can also click Download certificate, and send us the zipped .cert file);
  - IDP metadata (copy everything; it is many lines long).
4.2 Find the group ID
You can set up SSO on the whole platform, or a specific group.
See Find the ID of a group. If you wish to activate SSO on the whole platform, get the ID of the platform group.
4.3 Choose between forced and mixed SSO
See Choose between forced and mixed SSO.
4.4 Choose the user provisioning rules
You can choose whether or not to activate user provisioning.
user provisioning: true
Authorized users who do not have an account on 360Learning when they first connect to the platform have an account created on the fly, with first and last name corresponding to the values user.firstName and user.lastName in Okta. The user will be created as a learner in the group where the SSO is configured (from step 4.2).
You can see the list of authorized users in the Okta administration dashboard, in Applications > Applications > 360Learning > Assignments.
user provisioning: false
Authorized users who do not have an account on 360Learning will be able to connect to the platform only after you invite them, or create an account for them.
You can see the list of authorized users in the Okta administration dashboard, in Applications > Applications > 360Learning > Assignments.
4.5 Send all the info in an email
Check that the email contains all the following info:
- Identity Provider Single Sign-On URL;
- Identity Provider Issuer;
- X.509 Certificate (you can also click Download certificate, and send us the zipped .cert file);
- IDP metadata (copy everything; it is many lines long);
- Group ID on which SSO should be enabled;
- SSO type: forced or mixed;
- User provisioning rule: yes or no.
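A pre-send check for the first four items of this checklist, as an added example that is not 360Learning's or Okta's own code: it parses the IDP metadata, reports which separately pasted fields disagree with it, and computes a SHA-256 certificate fingerprint that you can confirm with your CSP or SA outside the email thread. The sample metadata, its URLs and certificate bytes are constructed, and the function names are illustrative.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like SAML 2.0 IdP metadata. The certificate is
# placeholder bytes, not a real X.509 certificate; the URLs are made up.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor entityID="http://www.okta.com/exkEXAMPLE"
    xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def normalize_cert(text):
    """Drop PEM header/footer lines and whitespace, leaving bare base64."""
    return "".join(l.strip() for l in text.splitlines() if "-----" not in l)


def parse_idp_metadata(xml_text):
    """Extract issuer, SSO URL and signing certificate from IdP metadata."""
    root = ET.fromstring(xml_text)
    sso = root.find(".//md:SingleSignOnService", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    if root.get("entityID") is None or sso is None or cert is None:
        raise ValueError("metadata is missing entityID, SSO URL or certificate")
    return {"issuer": root.get("entityID"),
            "sso_url": sso.get("Location"),
            "certificate": normalize_cert(cert.text or "")}


def cert_fingerprint(cert_text):
    """SHA-256 over the decoded certificate bytes, for out-of-band comparison."""
    return hashlib.sha256(base64.b64decode(normalize_cert(cert_text))).hexdigest()


def mismatched_fields(pasted, xml_text):
    """Return names of pasted email fields that disagree with the metadata."""
    meta = parse_idp_metadata(xml_text)
    pasted = dict(pasted, certificate=normalize_cert(pasted.get("certificate", "")))
    return sorted(k for k in meta if pasted.get(k, "").strip() != meta[k])
```

An empty list from `mismatched_fields` means the pasted Single Sign-On URL, Issuer and certificate all agree with the metadata you are about to send.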
5. Wait for the green light
Once you’ve sent all the info to your CSP or SA, wait for a confirmation email that the SSO is activated on our side.
When we give you the green light, the SSO will automatically be activated on your platform.