How to set up single sign-on (SSO) for G Suite
Here’s a step-by-step guide on how to configure SSO for your iSpring Learn account by creating a SAML app in G Suite. It’s a convenient option if you use G Suite and haven’t implemented SSO yet.
With this method, you can configure basic SSO authentication with no need to use a third-party service.
Prerequisites
- Ensure that you are an administrator of your iSpring Learn account.
- Enable the “Force HTTPS” option in the iSpring Learn account settings.
Configuring Google
- Sign in to https://admin.google.com/ with your G Suite account.
- In the menu, select Apps > SAML Apps.
- Click the plus button. A dialog with further instructions will open.
- Click SETUP MY OWN CUSTOM APP below the app list.
- At the next step, you will see an SSO URL and Entity ID (you will need to enter them in your iSpring Learn account later). For now, download the certificate by clicking the Download button. Then click NEXT.
- Type the application name (iSpring Learn). You can also add a description and a logo that will be displayed to all users who have access to the app. Click NEXT.
- At the next step (Service Provider Details), type the following information:
  ACS URL: https://yourdomain.ispringlearn.com/module.php/saml/sp/saml2-acs.php/default-sp (with your iSpring Learn domain where it says yourdomain)
  Entity ID: https://yourdomain.ispringlearn.com/module.php/saml/sp/metadata.php/default-sp (with your iSpring Learn domain where it says yourdomain)
  Start URL: https://yourdomain.ispringlearn.com/sso/login (with your iSpring Learn domain where it says yourdomain)
  Signed Response: Disable
  Name ID: Basic Information – Primary Email
  Name ID Format: EMAIL
  Click NEXT.
- At the next step, click ADD NEW MAPPING and specify the mapping:
  attribute name: email
  category: Basic Information
  user field: Primary Email
  When you're done entering the information, click FINISH. Don’t close your browser tab.
Getting the fingerprint
A fingerprint is a shortened representation of an X.509 public certificate. To get it, you can use an online fingerprint calculator, for example, this one.
- Paste the certificate in the X.509 field (you downloaded the certificate at Step 2 when configuring Google). To copy the certificate data, open it in a text editor.
- In the Algorithm field, select sha1.
- Click the button. The fingerprint will appear in the appropriate field. It looks like this: a909502dd82ae41433e6f83886b00d4277a32a7b.
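The fingerprint can also be computed locally instead of with an online calculator. The Python below is an added example, not part of the original guide or iSpring's own code; the function names are assumptions made here, and the sample input is constructed PEM framing around three test bytes, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Matches each PEM certificate block; tolerates CRLF line endings and surrounding text.
_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate contained in pem_text."""
    blocks = _PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop line breaks and spaces inside the block
    try:
        return base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc


def fingerprint(pem_text, algorithm="sha1"):
    """Hash the DER encoding; result is lowercase hex without separators."""
    return hashlib.new(algorithm, pem_to_der(pem_text)).hexdigest()


def normalize(fp):
    """Strip a 'SHA1 Fingerprint=' style prefix, colons and spaces; lowercase."""
    return re.sub(r"[^0-9a-f]", "", fp.split("=")[-1].lower())


def same_fingerprint(a, b):
    """Compare two fingerprints regardless of case or colon formatting."""
    na, nb = normalize(a), normalize(b)
    return bool(na) and hmac.compare_digest(na, nb)


# Constructed sample: PEM framing around the bytes b"abc", NOT a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\r\nYWJj\r\n-----END CERTIFICATE-----\r\n"

if __name__ == "__main__":
    print(fingerprint(SAMPLE_PEM))
```

Pass the text of the certificate file downloaded from Google to `fingerprint()`; the result has the same lowercase, separator-free form as the example fingerprint above.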
Configuring iSpring Learn
When you’re done configuring Google, the next step is to fine-tune your iSpring Learn account to authenticate learners using SAML. To do this, you will need the fingerprint obtained at the previous step and some information from Google. Please follow these steps:
- Go to https://yourdomain.ispringlearn.com/settings/sso
- Fill in all the fields. Here’s how to do this:
  - Metadata Url. Copy and paste the Google Entity ID.
  - Sign On Url. Copy and paste the Google SSO URL.
  - Logout Url. Enter a URL where users will be redirected after signing out of the iSpring Learn Account. Please note that this field is required. The recommended URL is https://apps.google.com/user/hub
  - Certificate Fingerprint. Copy and paste the fingerprint calculated at the previous steps.
- Click Save Changes.
Now there’s one more change to make before testing the SSO in your account.
Activating the app for your domain
By default, the app you created is turned off and is not visible to the users signed in to your Google domain account. To activate the app, go to the Google Admin page. Select Apps > SAML Apps. Then find iSpring Learn, click the three dots on the right side, and select ON for everyone in the drop-down list.
You can also turn the app on only for some organizations. Here’s an article on how to add an organizational unit in your G Suite account.
Testing single sign-on
To check how the SSO authentication works, sign out of your G Suite account and start a new browser session. Sign in to G Suite again, go to the Google search page, and click the grid icon on the right side. Click More below the list and find the iSpring Learn app. Click on it to sign in to your iSpring Learn account.
Alternatively, you can go directly to https://yourdomain.ispringlearn.com/sso/login in your browser.
If you still have any questions, please ask them in our Community Forum.