Single Sign-On
SSO Scenarios
SSO with the IDP of the Customer
Edcast supports OAuth and SAML 2.0 for the SSO with the IDP of the Customer.
Customers also have the option to additionally allow users to log in using their username and password on the Edcast portal.
Edcast has successfully integrated with Microsoft Active Directory, Azure Active Directory, Ping Identity and OneLogin.
SSO with the LMS / Content Provider
- where Edcast is the IDP
Edcast supports SSO with the LMS / Content Provider via SAML 2.0 only.
- where the customer provides the IDP
In this scenario, the SSO is directly handled by the customer without involving Edcast.
OAuth 2.0
Edcast supports OAuth for the SSO with the IDP of the Customer.
The following attributes are to be shared with Edcast by the customer:
- Issuer
- Authorization endpoint
- Token endpoint
- JWKS endpoint
- Userinfo endpoint (optional)
SAML 2.0
Metadata Exchange for Test & Production Environment
To set up the IDP for testing the SSO connection, please download your metadata and send us your metadata XML file. We will then set up the portal on our side and send you a test link.
SAML NameID
Make sure that your SAML request includes a unique and permanent NameID. This should ideally be an employee number or similar.
Email ID change scenarios make use of the SAML NameID.
Using the user's email address is not recommended, as it might change (e.g. a name change after marriage).
SAML Response Mapping Attributes
During the Integration with the Customer's IDP, Edcast SSO accepts the following attributes from the SAML Response:
- SAML Name ID (Default SSO attribute)
- firstName
- lastName
During the integration with the LMS / Content Provider, Edcast SSO sends the following attributes in the SAML Response:
- SAML Name ID = email ID / employee ID
- firstName
- lastName
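The following is an added example, not Edcast's own code: a pre-integration lint in Python that checks a decoded test SAML Response against the NameID guidance and the attribute list above. The sample XML, the function name `lint_saml_response` and the treatment of `firstName` and `lastName` as expected attributes are assumptions of this example, and it performs no signature validation.

```python
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# NameID formats that do not give a stable per-user identifier.
UNSTABLE_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}
EXPECTED_ATTRS = ("firstName", "lastName")  # assumption: treated as expected

# Constructed sample response (unsigned, values invented for this example).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Lint only: no signature or condition checks, so never use it to authenticate.
def lint_saml_response(xml_text):
    """Return (mapped_values, findings) for one decoded SAML Response."""
    root = ET.fromstring(xml_text)
    findings, mapped = [], {}
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append("missing NameID")
    else:
        mapped["NameID"] = name_id.text.strip()
        if name_id.get("Format") in UNSTABLE_FORMATS:
            findings.append("NameID Format is not a permanent identifier")
        if re.fullmatch(r"[^@\s]+@[^@\s]+", mapped["NameID"]):
            findings.append("NameID looks like an email address")
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and (value.text or "").strip():
            mapped[attr.get("Name")] = value.text.strip()
    for name in EXPECTED_ATTRS:
        if name not in mapped:
            findings.append(f"missing attribute {name}")
    return mapped, findings
```

Running it on a test response captured from the IDP before the metadata exchange shows whether the NameID will survive an email change.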
Existing Customer Users
If your company portal already has existing customer users that have self-registered, we will need to upload the NameID for all existing users to our database, in order to ensure they will continue having access to their account information.
What we need from the customer / Content Provider:
- SAML Metadata XML file
Updated almost 3 years ago