SAML-SSO Integration

[Pages:6]SAML-SSO Integration

April 2020

Percipio supports SAML-SSO integration. To date, Skillsoft has validated Percipio SAML integration with several leading identity providers (IdP). Additionally, Skillsoft expects SAML-based SSO will work with most common identity providers.

External Authentication, also referred to as SSO (Single Sign-on), is a method of access control that enables a user to log in once and gain access to the resources of multiple software systems without being prompted to log in again. It lets end users login to their Percipio instance without having to remember specific credentials just for Percipio. Skillsoft uses the SAML 2.0 (Secure Assertion Mark-up Language) standard to provide Single Sign-On (SSO) services for your organization.

Implementing SSO provides not only timesaving and usability benefits for end users but financial benefits for your company. Major benefits of SSO include:

? Improved productivity - It takes an average of 20 seconds for a user to log into a resource. Not having to enter a password each time a user needs to access a resource saves time and makes users more productive.

? Reduce frustration of multiple log-on events and forgotten passwords - Users only have one password to remember and update, and only one set of password rules to remember. Their initial login provides them with access to all resources, typically for the entire day.

? Increased adoption - SSO reduces the barriers of use for Skillsoft resources. Since it is easier to access Percipio, users will start using it more.

? Reduced helpdesk costs - Fewer helpdesk calls for password resets relates directly to bottom-line savings.

1

SAML 2.0 defines several roles for parties involved in single sign-on. The diagram below is a much-simplified view of the process:

The user authenticates (logs in) to the identity provider (or IdP) ? this will be your system. The user is then able to access Percipio as a service provider (abbreviated as SP) without needing to log in to Percipio.

2

No Cost Option

Skillsoft does not charge for the basic SAML offering.

Create user and populate With this option, if a user does not exist, they are

profile

automatically created. Percipio can create users via

SAML by mapping user profile fields as part of setup.

Update user profile

With this option if the information supplied by SAML differs from what is stored in the system the user profile is updated.

Support for manual login with alternate username/alias

With this option users who may not be able to use SAML (perhaps because only accessible via company network) can still login with an "alias" directly at the platform.

Example: SAML may use a numeric employeeid as the username, but the user can also login manually with their email.

Mobile App supported

The Percipio Mobile App supports SAML SSO.

3

Service Provider (SP) Initiated Login

SP Initiated means the user will access Percipio first and then they are redirected back to their IDP provider to authenticate.

This login method is the only one that supports "share links" from the platforms.

Identity Provider (IdP) Initiated Login

IDP Initiated means the user can be preauthenticated by the customers system before being directed to the platform.

SAML Signed Authentication Requests

Supports sending Signed authentication requests to customer's identity provider if required.

SAML Encrypted Authentication Requests

Supports sending Encrypted authentication requests to customer's identity provider if required.

SAML Signed Response

Supports signed SAML responses from customer's identity provider.

SAML Encrypted Response Supports encrypted SAML responses from customer's identity provider.

Signing/Encryption certificates ? Percipio uses a Skillsoft issued self-signed certificate for all customers.

Customer certificate expiration ? Currently, Skillsoft does not support secondary customer certificates to support expiration change over. Automated processes for

4

updating customer certificates are not yet available. Certificate change overs will need to be coordinated with Skillsoft Cloud Operations and Support. SAML single sign-on is configurable directly through the Percipio administrative interface. This simplifies and speeds the process to deploy and maintain SSO. Customers, with support from their IT team and Skillsoft support staff, can access the SAML Settings page to configure their connection. InCommon Federation ()

5

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download