Relias Learning How-to Manual - Single Sign-On
Many organizations wish to allow users to seamlessly navigate back and forth between resources on their own company network and their Relias Learning training site. Single Sign-On allows organizations to achieve this without requiring users to log on when they open the Relias Learning site. In concept, the employee log-on information may be passed via the URL and authenticated against the organization’s active users. When the employee log-on information is authenticated, the user will be logged onto the system and automatically routed to their "My Learning" page.
What is Single Sign-On?
Single Sign-On is basically a way for users to log onto one computer or network (your company intranet for example), and use those same employee log-on credentials to seamlessly log onto another network (Reliasl Learning). As defined by Wikipedia:
Single sign-on (SSO) is a property of access control of multiple, related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. As different applications and resources support different authentication mechanisms, single sign-on has to internally translate to and store different credentials compared to what is used for initial authentication.
Some of the benefits include the following:
• A convenient single log-on for multiple applications
• Reducing time spent re-entering passwords for the same identity
• Reducing IT costs due to lower number of IT help desk calls about passwords and user names for different applications
• Security on all levels of entry/exit/access to systems without the inconvenience of re-prompting users
For example, an employee could come into work and log onto their workstation. By clicking an “E-Learning” icon on the local intranet, they would be automatically taken to their My Learning page on your organization’s Relias Learning portal. From there they could take courses, print certificates, etc. When finished, the employee could either close the browser directly or click the 'Log Off' link and be navigated back to your company web page.
How do I integrate?
All Relias Learning LMS customers have the ability to set up a single sign-on, right out of the box. Setting this up requires three steps.
1. Enter all employees into your Relias Learning LMS portal.
2. Add your HTTP_REFERER values.
3. Modify a web page on your organization’s intranet to pass the appropriate URL querystring parameters to Relias when users authenticated wish to take courses.
The first and most important task is to load all employees onto the system, either manually through the Relias interface, through the XML Import User Spreadsheet, or through Web Services.
When loading employees, be sure to include First Name, Last Name, Username, Password, and GUID. GUID, in this case, may be an actual Active Directory Global Unique Identifier, or simply a text string that uniquely identifies an employee of your organization.
After setting up the users in Relias, you will need to record the URL of the web page from which your users will be launching Relias Learning. This is a security mechanism designed to reduce the risk of users outside your organization accessing your data.
Manually log onto your LMS as an Administrator and go to System -> Maintenance -> Referrer URLs, and add each URL from which employees will be launching Relias Learning. Note that the authentication routine compares the HTTP_REFERER value of the incoming call with the values on this list; passed values not present in this list will be denied access to the system.
The last integration step requires organizations to modify a web page on their company intranet. The page should append the GUID for the authenticated user to a static URL. When the user clicks on the link or icon this information will be passed to Relias Learning, and if correct, the user will be automatically logged onto the system without having to manually enter a username and password again.
The URL takes the following form: