OpenID is a popular single sign-on technology that allows access to all company web-resources with the same credentials. In iSpring Market, OpenID Connect protocol works with the Okta identity provider — an authorization server that authenticates users and transmits info about a successful authorization to LMS.

Okta Authorization Server Configuration

  1. Log in to your Okta account and click Admin


  2. Next, open the Applications section in the sidebar menu. 

    image-2024-5-27_7-51-52.png
  3. In the Applications section, click Create App Integration.

    image-2024-5-27_7-53-43.png

  4. Now, select OIDC - OpenID Connect and Web Application, and click Next.


  5. Then, proceed to configure the application. After you add all the data and select all the necessary options, click the Save button.

    Grant type allowed

    Select the Refresh Token and Implicit (Hybrid) options.

    Sign-in redirect URLs

    Add three more links under the default one:

    https://company    name.ispringmarket.com/sso/login/oidc
    http://companyname.ispringmarket.com/sso/login/oidc
    islearn://companyname.ispringmarket.com/sso/login/oidc

    Important:

    The SSO technology will work properly for the mobile application if you add a modified Login Redirect URI. You will need to swap the https extension to islearn.

    For example, use islearn://companyname.ispringmarket.com/sso/login/oidc instead of https://companyname.ispringmarket.com/sso/login/oidc

    Sign-out redirect URLs

    Add one more link under the default one:

    https://companyname.ispringmarket.com/login/?logoff=1

    Base URLsYour account web address: https://companyname.ispringmarket.com

    image-2024-5-27_8-17-19.png

  6. Open the General tab and copy your Client Id and Client Secret

Setting Up iSpring Market

  1. Sign in with your iSpring Market account and put the following link into the browser: https://companyname.ispringmarket.com/settings/sso/oidc

  2. Check Enable OpenId login for this account. 

  3. Next, fill out the fields of the form and click Save Changes.

    Automatically add new users via OpenIDCheck this option to enable non-registered users to get added to iSpring Market when attempting to login.
    Response TypeThe response type issued by the authorization server.
    Return UrlThe web address of the page where non-authenticated users are redirected to.
    IssuerThe security token issuer. This value can be retrieved on the authorization server — it is the URL of your Okta account.
    Client IdThe client identifier that can be copied on the authorization server. 
    Client SecretThis parameter is used to authenticate the application when it is asking to get access to a user’s account. It’s created on the authorization server. 


Adding Users to iSpring Market

Even if users are not present in the iSpring Market database yet, they will be automatically added to the user list. The only thing that can prevent a new user from adding can be your subscription plan limitation

To create users when signing in with OpenID, we use the following parameters received from the authorization server:

Claim

Profile Field in iSpring Market

preferred_username

Login

email

Email

family_name

Last Name

given_name

First Name

Authorization without OpenID

If you have enabled OpenID in your iSpring Market account and for some reason can't log in using single sign-on, type the following web address: https://companyname.ispringmarket.com/login?no_sso. 

Now you will sign in with the account, as usual, using your login and password.