OpenID is a popular single sign-on technology that allows access to all company web resources with the same credentials. In iSpring Learn, the OpenID Connect protocol works with the Okta identity provider, an authorization server that authenticates users and transmits information about a successful authorization to the LMS.

Authorization with OpenID and Okta works in the mobile application.

Okta Authorization Server Configuration

  1. Log in to your Okta account and click Admin.


  2. Next, open the Applications section in the sidebar menu. 



  3. In the Applications section, click Create App Integration.



  4. At the second step, select OIDC - OpenID Connect and Web Application, and click Next.



  5. After that, start configuring the application.

    In the Sign-in redirect URLs section, add three more links under the default one:

    https://companyname.ispringlearn.com/sso/login/oidc
    http://companyname.ispringlearn.com/sso/login/oidc
    islearn://companyname.ispringlearn.com/sso/login/oidc

    To make authorization in the mobile application work, add a modified Return Url to the authorization server. Swap the https scheme for islearn. For example, change https://auth.dev.mycompany.com/sso/login/oidc to islearn://auth.dev.mycompany.com/sso/login/oidc.

    In the Sign-out redirect URLs section, add one more link under the default one:

    https://companyname.ispringlearn.com/login/?logoff=1



  6. Then, add Base URLs. This is the link to your iSpring Learn account.



    Also, in the Grant type allowed section above, check Refresh Token and Implicit (Hybrid).



  7. In the Assignments section, tick Allow everyone in your organization to access. Finally, click Save.



    To log in without a verification code sent to the Okta Verify app, go to Sign On > User authentication and select Okta Dashboard.



  8. Open the General tab and copy your Client Id and Client Secret.

Configuring iSpring Learn

  1. Log in to your iSpring Learn account. Then go to the SSO Settings and click OpenID.



  2. Fill out the fields of the form and check Create a new user account for a learner the first time they sign in with OpenID.



    Create a new user account for a learner: Check this option to enable non-registered users to get added to iSpring Learn when attempting to log in.
    Response Type: The response type which is issued by the authorization server.
    Return Url: The web address of the page where non-authenticated users are redirected to.
    Issuer: The security token issuer. This value can be retrieved on the authorization server: just copy the URL of your Okta account without “-admin”.
    Client Id: The client identifier which can be copied on the authorization server.
    Client Secret: This parameter is used to authenticate the application when it is asking to get access to a user’s account. It’s created on the authorization server.


  3. If needed, match fields in iSpring Learn and your SSO service. It's best to ensure that you don't miss any required fields from the User Profile Settings. Otherwise, an extra required field like Birthday may interrupt the integration process. 



  4. Click Enable.



  5. Then, add a link to the corporate site in the Quick Links section.
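
A pre-flight check for the values entered in the two procedures above, as an added example (not iSpring or Okta code): it derives the Issuer from the Okta admin URL by dropping "-admin" and lists which of the step 5 sign-in redirect entries are still missing in Okta. The function names and the Okta org name `example` are assumptions made for illustration.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# The page registers one path under three schemes; islearn is the mobile app's.
SCHEMES = ("https", "http", "islearn")


def issuer_from_admin_url(admin_url: str) -> str:
    """Issuer = Okta account URL without "-admin" (origin only, no path)."""
    parts = urlsplit(admin_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https Okta URL")
    label, dot, rest = parts.hostname.partition(".")
    if label.endswith("-admin"):
        label = label[: -len("-admin")]
    return f"https://{label}{dot}{rest}"


def expected_redirects(return_url: str) -> list[str]:
    """The Return Url plus its http and islearn variants (Okta step 5)."""
    parts = urlsplit(return_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Return Url must be the https form")
    return [f"{s}://{parts.netloc}{parts.path}" for s in SCHEMES]


def missing_redirects(registered: list[str], return_url: str) -> list[str]:
    """Step 5 entries not yet in Okta's Sign-in redirect list.

    Exact string comparison: OpenID Connect matches redirect URIs literally,
    so a trailing slash or different case in the path is a different URI.
    """
    have = set(registered)
    return [u for u in expected_redirects(return_url) if u not in have]


if __name__ == "__main__":
    # Constructed sample values: "example" is a placeholder Okta org name.
    print(issuer_from_admin_url("https://example-admin.okta.com/admin/dashboard"))
    registered = [
        "https://companyname.ispringlearn.com/sso/login/oidc",
        "http://companyname.ispringlearn.com/sso/login/oidc",
    ]
    for uri in missing_redirects(registered, registered[0]):
        print("not registered in Okta:", uri)
```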


Adding Users to iSpring Learn

Even if users are not present in the iSpring Learn database yet, they will be automatically added to the users list. The only thing that can prevent a new user from being added is your subscription plan limitation.

To create users when signing in with OpenID, we use the following parameters received from the authorization server:

| Claim | Profile Field in iSpring Learn |
| --- | --- |
| preferred_username | Login |
| email | Email |
| family_name | Last Name |
| given_name | First Name |

Authorization without OpenID

If you have enabled OpenID in your iSpring Learn account and for some reason can't log in using single sign-on, type the following web address: https://yourcompany.ispringlearn.com/login?no_sso

You will then sign in to the account as usual, using your login and password.