Configure SSO for the LMS (Admin Portal)

To sign in as an admin, facilitator, manager, (restricted) author and course reviewer (to use our review tool), you will require admin SSO. This is a separate configuration from the learner portal.

 

On Enterprise and Managed plans only

There are 2 parts to setting up LMS SSO

 

1. Client to configure LMS SSO in:

You will need to add a callback URL (separate from the learner portal SSO set-up) and provide your CSM with a SAML certificate file.

The person setting up SSO should have admin privileges to both EdApp and the SSO provider.

2. EdApp to finish the rest

This part is supported by your EdApp CSM. Please reach out once step 1 has been completed.

Testing

FAQS

 

Configure SSO in Okta

Step 1:  Sign in to the Okta Admin portal using your administrator account. Browse to Applications --> Applications in the left-hand menu and click Create App Integration.

 

Step 2:

  • Select SAML 2.0 and click Next
  • Fill in EdApp in the App name field
  • Upload the EdApp icon found here
  • Select Next.

Step 3: 

  • Fill in Single sign on URL with https://admin.edapp.com/sso-login/<yourcompany>/callback where <yourcompany> is an easy to remember identifier related to your company. Your learners will use this to login.
  • Click Advanced Settings, and add https://admin.edapp.com/sso-login/<yourcompany>/callback to the Other Requestable SSO URLs list
  • Populate Audience URI (SP Entity ID) with https://admin.edapp.com
  • Choose EmailAddress for the Name ID format
  • Choose Okta username for the Application username
  • Click Download Okta Certificate

Step 4:

  • Select I'm an Okta customer adding an internal app
  • Select This is an internal app that we have created
  • Click Finish

Step 5:

Click View Setup Instructions

  • Copy the Identity Provider Single Sign-On URL: We will need the below information when configuring SSO in EdApp
  • Download the certificate

Make sure to give users access to the application in Assignments tab

EdApp will now show up in the My Apps menu on Okta

 

 

Configure SSO in Google

Step 1:  Sign in to the Google Admin portal using your Google administrator account. Browse to Apps --> Web and Mobile Apps in the left hand menu.

Step 2:

  • Click the Add custom SAML app and fill in "EdApp" as the application name
  • Upload the EdApp icon. This can be found here: EdApp icon
  • Select Continue.

Step 3: Copy the SSO URL for future reference when setting up the EdApp part and download the certificate. Click Continue

 

Step 4:

  • Fill in ACS URL with https://api.edapp.com/sso-saml-callback/<yourcompany> where <yourcompany> is an easy to remember identifier related to your company. Your learners will use this to to login.
  • Enter an additional ACS URL of https://admin.edapp.com/sso-login/<yourcompany>/callback
  • Download the certificate
  • Fill in https://edapp.com/<yourcompany> for the Entity ID field.
  • Choose Email for the Name ID format
  • Choose Basic Information > Primary email for the Name ID
  • Click Continue

Step 5:

In EdApp you can use attributes from the user in Google to use as Custom fields in EdApp. To do this you can add mappings. It is important that the App attribute has exactly the same name as the field in EdApp. The firstname and lastname fields are fields that are default fields in EdApp that can be populated without adding a custom field, the attribute has to be added though.

Click finish to complete this step

Make sure to give users access to the application in User Access

EdApp will now show up in the google Apps menu on Google.com

 

 

Configure SSO in Azure AD

Step 1: 

Sign in to the Azure portal using your Azure Active Directory administrator account. Browse to the Active Directory > Enterprise Applications > New application > Non-gallery application section.

Step 2:

Fill in "EdApp" as the application name, select Add.

Azure portal will redirect to the app overview page. Select Single sign-On > SAML

 

Step 3:

Update Basic SAML Configuration

  • Fill in Logout URL with https://api.edapp.com/sso-logout/<unique-company-identifer>
  • The following example has <unique-company-identifier> as uniqueEdCustomerCompanyId you can make this up but ensure that it is identifiable and easy for your learners to type in e.g. companyname

Step 4:

Download "Certificate (Base64)" from SAML Signing Certificate section.

 

Consider yourself halfway done! Now that we’ve managed to set up SSO in Azure AD, we’re ready to configure SSO in EdApp. Please send the certificate to you CSM and we will do the rest.

 

Testing

To test whether admin SSO is working:

1. Go to admin.edapp.com

2. Click single sign-on (top left)

3. Enter the company name you chose when setting up

If set up correctly, this will redirect you to your company IDP to log in with your SSO details. It will then redirect you to the EdApp admin portal after successful authentication.

 

FAQ

 

Learners aren’t able to log in via SSO after setting up admin SSO (previously fine)

You may have accidentally replaced the redirect URL, rather than added a new one

 

Is domain recognition available for the admin portal?

Although domain recognition is available for learner SSO (upon request), it's currently not available for admins.