Account: External Authorization (SSO)

External Authorization allows you to configure a Single Sign On (SSO) connection between a third-party system (e.g., Google, Microsoft ADFS, Okta, or any SAML 2.0 compatible identity provider with IDP-initiated SSO) to SmarterU. By establishing SSO, your learners will not need to have separate login credentials for SmarterU.

SSO only refers to authentication. There are also options to establish automatic user provisioning/de-provisioning.

When you edit your account's settings, the External Authorization accordion of the Account Profile workscreen includes the following settings.

Settings

Enable External Authorization

Check to allow Single Sign-On from a third-party system to SmarterU.

SmarterU currently supports Single Sign-On through a number of providers. Each provider must be enabled in your account separately. The currently supported Single Sign-On providers are:

• SAML 2.0
• OpenID for Google Applications
• Azure AD B2C OpenID
• SmarterU API

A separate section will appear for each Single Sign-On provider enabled for your account.

Master Login Control

This setting is only applicable if the Enable External Authorization setting is checked. Select one of the following options:

• SmarterU - users will be allowed to log in ONLY through SmarterU. Your remote login page will display your original login form.

• External Authorization - users will be allowed to log in ONLY through your Single-Sign On provider. Your remote login page will display the text from the Login Message field and a button that will redirect the users to the URL specified in the Login URL field. 

• Both -  users will be allowed to log in through SmarterU and your Single-Sign On provider. Your remote login page will display the text from the Login Message field and two buttons. The first button redirects users to the URL specified in the Login URL field. The second button redirects users to the SmarterU portal login page.

• User-Specified - If selected, the display will be based on the user's User Default Login setting for newly created users. This will allow you to specify the login option at the user level.

User Default Login

This setting is only applicable if the Enable External Authorization setting is checked.

If the Master Login Control field is set to User-Specified, SmarterU will look at the user attempting to log in to determine where the user can log in from. If the user does not have a specified login setting (i.e., the User Default Login field for the user), the selected option below will be used. 

• SmarterU - the default user login is SmarterU.
• External Authorization - the default user login is your Single-Sign On provider. 

• Both - the default user login is SmarterU and your Single-Sign On provider

Login URL

This setting is only applicable if Master Login Control and User Default Login are set to a value other than SmarterU. This is the URL that users will be redirected to when they click the Login button on the portal page.

Customize Login Button Text

This setting is only applicable if Master Login Control is set to a value other than SmarterU. This is the label that displays on the login button.

Customize Portal Login Button Text

This setting is only applicable if Master Login Control is set to Both or User-Specified. This is the label that displays on the portal's login button.

Login Message

This setting is only applicable if the Master Login Control is set to External or Both, or if the User Default Login is set to External. Enter the login message that your account users will see.