Single Sign-On

SSO Scenarios

  1. SSO with the IDP of the Customer
    Edcast supports OAuth & SAML 2.0 for the SSO with the IDP of the Customer.
    Customers also have the option to additionally allow users to log in with their user name and password on the Edcast portal.
    Edcast has successfully integrated with Microsoft Active Directory, Azure Active Directory, Ping Identity & OneLogin.

  2. SSO with the LMS / Content Provider

  • where Edcast is the IDP
    Edcast supports SSO with the LMS / Content Provider via SAML 2.0 only.
  • where the customer provides the IDP
    In this scenario, the SSO is handled directly by the customer without involving Edcast.

OAuth 2.0

Edcast supports OAuth for the SSO with the IDP of the Customer.

The following attributes are to be shared with Edcast by the customer:

  • Issuer
  • Authorization endpoint
  • Token endpoint
  • JWKS endpoint
  • Userinfo endpoint (optional)

SAML 2.0

Metadata Exchange for Test & Production Environment

To set up the IDP for testing the SSO connection, please download your metadata and send us your metadata XML file. We will then set up the portal on our side and send you a test link.

SAML NameID

Make sure that your SAML request includes a unique and permanent NameID. This should ideally be an employee number or similar.

Email ID change scenarios make use of the SAML NameID.
Using the user's email address as the NameID is not recommended, as it might change (e.g. name change after marriage).

SAML Response Mapping Attributes

During the integration with the Customer's IDP, Edcast SSO accepts the following attributes from the SAML Response:

  • SAML Name ID (Default SSO attribute)
  • email
  • firstName
  • lastName
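
A pre-flight check a customer could run on a test SAML Response before sending metadata, covering both the NameID guidance and the attribute list above. This is an added example, not Edcast code; it assumes the attribute Name values are literally email, firstName and lastName, and the sample response, user and employee number are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# NameID formats that cannot act as a permanent account key.
UNSTABLE_FORMATS = {EMAIL_FMT, "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"}
REQUIRED_ATTRS = ("email", "firstName", "lastName")  # assumed literal Name values
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed, unsigned sample response; Format and NameID are filled in per case.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Subject><saml:NameID Format="{fmt}">{nid}</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def check_response(xml_text):
    """Return (name_id, attributes, problems) for one SAML Response.
    Structural pre-flight only: no signature, audience or expiry checks."""
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return None, {}, [f"expected exactly 1 Assertion, found {len(assertions)}"]
    name_id_el = assertions[0].find("saml:Subject/saml:NameID", NS)
    name_id = (name_id_el.text or "").strip() if name_id_el is not None else ""
    problems = []
    if not name_id:
        problems.append("NameID missing or empty")
    else:
        if name_id_el.get("Format") in UNSTABLE_FORMATS:
            problems.append("NameID Format is not permanent")
        if EMAIL_RE.match(name_id):
            problems.append("NameID looks like an email address")
    attrs = {}
    for attr in assertions[0].findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"attribute {name} missing or empty")
    return name_id or None, attrs, problems

if __name__ == "__main__":
    for fmt, nid in ((PERSISTENT, "E104233"), (EMAIL_FMT, "jane.doe@example.com")):
        print(nid, check_response(SAMPLE.format(fmt=fmt, nid=nid))[2])
```

Run it only on responses you generated yourself; for XML from an untrusted source, parse with a hardened library such as defusedxml and validate the signature first.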

During the integration with the LMS / Content Provider, Edcast SSO sends the following attributes in the SAML Response:

  • SAML Name ID = email id / employee ID
  • email
  • firstName
  • lastName

Existing Customer Users

If your company portal already has existing customer users that have self-registered, we will need to upload the NameID for all existing users to our database, in order to ensure they will continue having access to their account information.

What we need from the customer / Content Provider:

  • SAML Metadata XML file