What is Auth0
Auth0 is a very popular authentication provider. With SAML SSO, you can connect your existing identity management system with Learnworlds and allow your users to access Learnworlds via their Auth0 account. This is a basic guide on how to set up your school to use Auth0. Depending on your setup, you might need to perform more actions.
How to set up Auth0
Login to Auth0 and go to Applications → Applications and either create a new Regular web application or use an existing one.
Within your application, navigate to Addons and turn on SAML2 WEB APP.
This will display the SAML2 setup page.
1. In your LearnWorlds school, go to Website → Website settings → Authentication and select SAML.
2. Add a new SAML
3. Activate SAML and add a name for this SAML solution.
Copy the necessary information (see below) from your LearnWorlds school's settings. For the certificate, you will need to download it and open it with a text editor.
Auth0 | Learnworlds |
Issuer | IDP Identifier (Entity ID) |
Identity Provider Login URL | Sign-on URL |
<not provided directly, read further down if you wish to setup Single Logout> | Single Logout URL |
Identity Provider Certificate | Identity Provider Certificate |
From your LearnWorlds school settings, copy the ACS URL.
Then paste it to the Application Callback URL and enable your Addon.
4. Once you set up this information on your IDP and create the authentication application, you will need to update your school’s setup with the necessary information from your IDP:
a. IDP Identifier (Entity ID): This is the given IDP ID for the created application.
b. Sign-on URL: This is the URL that the school will call to authenticate the user via the IDP.
c. Single Logout URL: If you implement a single logout you may provide this URL. When the user logs out from LearnWorlds the system will call this URL, and the IDP will log out the user from all other Services.
d. Identity Provider Certificate: You need to pass the public certificate to authenticate the call.
e. Service Provider (SP) URL: It is your school SAML Service Provider (sp) URL that the IDP will use to identify your service.
f. Assertion Consumer Service (ACS) URL: This is the “Reply URL” that the IDP will use to inform your school (SP) if the user has been authenticated successfully.
g. Single Logout URL: The URL that will be used by the identity provider to inform the service provider (your school) in case the user should be logged out; please paste this value to your identity provider, if needed.
h. Create User: Adds a new user to the school if a user with this email does not already exist.
5. Click on Create to save your settings and you are all set. Your users may now Single Sign-On by using your favorite IDP.
If you're using Auth0 as an authentication method, you must change the Site Navigation settings in the Payment Flow section for Logged-out users, as they will need to sign up/log in before proceeding to the payment page.
Also, you need to ensure that in all Payment Sections of your school's pages, 1-click Sales funnels, or the Payment Page of your school, the Sign in/up form option is set to hide since the user will not be able to sign in/up via the Learnworlds system.
Single Logout
Auth0 also provides the ability for Single Logout, meaning that if the user logs out from your school, they will also be logged out from their Auth0 application account or even from all Auth0 applications.
In the URL, it will be https://{YOUR_AUTH0_DOMAIN}/v2/logout? client_id=YOUR_CLIENT_ID& returnTo=LOGOUT_URL where Client_id is the Client ID of your Auth0 application.
returnTo is the page that you need to redirect your users after logging out from your school, usually back to your school's main page. You will need to add the returnTo URL to the Allowed Logout URLs of your Auth0 application.
- If you set up an SSO solution and disable the LearnWorlds login, all the users will be redirected to the SSO provider to authenticate, LearnWorlds passwords will no longer be valid. The users need to exist or sign up with the SSO authentication provider. The change of the authentication provider will only change the authentication mechanism, all the user data as well as their roles (admin, instructor, etc.) will be intact.
- The SSO mechanism uses the user’s email address to identify the user (unique key); therefore, to change the user's email address, you need to manually update the new email both in your school and on your IDP.
Furthermore, you may use the bulk import (and enroll) functionality in case you need to import users that already exist in your SSO provider.
- If you revert to LearnWorlds authentication, users created via the SSO authentication will need to create a new password. Passwords can be changed:
- By the user via the forgot password mechanism
- By the admin reset and/or update password mechanisms
- The LearnWorlds password update/reset functionality as well as sign-up are only available for the Default LearnWorlds Authentication mechanism. Any other SSO authentication mechanisms will need to handle these functionalities.
- In case you misconfigure the custom SSO setup and this is the only available authentication mechanism, then only the Learnworlds School Owner account will be able to sign in to your school via our Learnworlds account sign-in page (https://account.learnworlds.com/login)
- The built-in Affiliate Management program can not be used for users who use SSO providers to sign in
- If you want to use more than three custom SSO, SAML, or OpenID solutions in total, please contact us at support@learnworlds.com. In case you are on the Learning Center plan you can also add 3 more by purchasing our scale package.