SSO: SAML 2.0

To set up SAML 2.0 with SmarterU, do the following from the External Authorization section of your account settings:

  1. Select Enable External Authorization.
  2. Expand the SAML 2.0 section and specify the SAML settings.

  3. Click Save.

SAML Settings

Login URL

This setting is only applicable if the Master Login Control and User Default Login settings are set to a value other than SmarterU. This is the URL that users will be redirected to when they click the Login button on the portal page.

Customize Login Button Text

This setting is only applicable if the Master Login Control setting is set to a value other than SmarterU. This is the label that displays on the login button.

Customize Portal Login Text

This setting is only applicable if the Master Login Control setting is set to Both or User-Specified. This is the label that displays on the portal's login button.

Enable SAML

Select to enable SAML.

IdP Metadata

This setting is only enabled if the Enable SAML setting is enabled.

Enter your IdP metadata. If you do not know your metadata or how to get it, we have several Identity Providers that you can use.

Identifier Attribute/Claim

This setting is only enabled if the Enable SAML setting is enabled. 

Select the identifier/claim to use as a login credential.

Identifier Type

This setting is only enabled if the Enable SAML setting is enabled. 

The identifier type tells SmarterU whether the Identifier Attribute/Claim represents the email or the employee ID of a user in SmarterU.

Perform Single Logout on Session Timeout

This setting is only enabled if the Enable SAML setting is enabled and IdP Metadata has been provided. 

Select to log users out of all applications where SSO was used when they log out of SmarterU or when their SmarterU session times out.

Enable Just-in-Time User Creation

Select to create a user account just before the user is logged into SmarterU. When a user attempts to connect to SmarterU, SmarterU uses the Identifier Attribute/Claim setting to determine if they exist in the system. If the user exists, they are logged in. If the user does not exist and the Enable Just-In-Time User Creation setting is enabled, SmarterU will create their user account prior to logging them in. 

  • Enabling this setting allows you to set the user's given name, surname, and home group. All other updates to a user's profile will need to be done outside the just-in-time user creation feature.
  • The account invitation email is not sent to users created with Just-in-Time User Creation.

Given Name Attribute/Claim

This setting is only enabled if the Enable Just-In-Time User Creation setting is enabled. 

Select the field from the metadata that should be used for the user's given name.

Surname Attribute/Claim

This setting is only enabled if the Enable Just-In-Time User Creation setting is enabled. 

Select the field from the metadata that should be used for the user's surname.

Alternate Email Attribute/Claim

This setting is only enabled if the Enable Just-In-Time User Creation setting is enabled and the Identifier Type is set to Employee ID.

Select the field from the metadata that should be used for the user's alternate email.

Home Group

This setting is only enabled if the Enable Just-In-Time User Creation setting is enabled. 

Select the home group to which just-in-time users are added.

Tested Identity Providers

