How to set up OneLogin
If OneLogin is your Identity Provider (IDP), you can find more information here on how to get started using OneLogin SSO via Learnworlds.
On your administration page, go to Applications → Applications and Add App.
Choose SAML Custom Connector.
Configure the first page and click on Save.
Log in to your LearnWorlds school with your Learnworlds admin account. You need to use the LearnWorlds admin (school owner) account, to set up SAML for your LearnWorlds school; in case you misconfigure your setup, then only this account will be able to sign in to your school. Hence all the changes in the Sign in/up page regarding SSO will have to be made by the LearnWorlds admin.
1. Go to Website → Website settings → Authentication and select SAML.
2. Add a new SAML
3. Activate SAML and add a name for this SAML solution.
4. From the SAML settings, copy the corresponding information into your OneLogin Application Configuration tab according to the following table:
LearnWorlds | OneLogin |
Service Provider (SP) URL | Audience (EntityID) |
Assertion Consumer Service (ACS) URL | ACS (Consumer) URL Validator |
Assertion Consumer Service (ACS) URL | ACS (Consumer) URL |
Assertion Consumer Service (ACS) URL | Login URL |
5. You need to set up your school with your OneLogin IDP Application.
Go to your OneLogin Application, SSO tab, and copy the corresponding values to your LearnWorlds school’s SAML settings according to the following table:
OneLogin | LearnWorlds |
Issuer URL | IDP Identifier (Entity ID) |
SAML 2.0 Endpoint (HTTP) | Sign-on URL |
SLO Endpoint (HTTP) | Single Logout URL |
X.509 Certificate | Identity Provider Certificate |
6. To pass the First and Last names of the users, you would need to set up two parameters in your OneLogin Application “givenName” as the user’s “First Name” and “surname” as the user’s “Last Name”. Your Application parameters settings should be as follows:
Make sure to tick Include in SAML assertion:
Finally, complete any other settings you require on your OneLogin Application and of course, give access to your OneLogin users to the new Application, and your setup is completed.
If you're using SAML as an authentication method, it's mandatory to change the Site Navigation settings in the Payment Flow section for Logged-out users, as they will need to sign up/log in before proceeding to the payment page.
Also, you need to ensure that in all Payment Sections of your school's pages, 1-click Sales funnels, or the Payment Page of your school, the Sign in/up form option is set to hide since the user will not be able to sign in/up via the Learnworlds system.
- If you set up OneLogin and disable the LearnWorlds login, all the users will be redirected to the SSO provider to authenticate, LearnWorlds passwords will no longer be valid. The users need to exist or sign up with the SSO authentication provider. The change of the authentication provider will only change the authentication mechanism, all the user data as well as their roles (admin, instructor, etc.) will be intact.
- The SSO mechanism uses the user’s email address to identify the user (unique key); therefore, to change the user's email address, you need to manually update the new email both in your school and on your IDP.
Furthermore, you may use the bulk import (and enroll) functionality in case you need to import users that already exist in your OneLogin provider.
- If you revert to LearnWorlds authentication, users created via the SSO authentication will need to create a new password. Passwords can be changed:
- By the user via the forgot password mechanism
- By the admin reset and/or update password mechanisms
- The LearnWorlds password update/reset functionality as well as sign-up are only available for the Default LearnWorlds Authentication mechanism. Any other SSO authentication mechanisms will need to handle these functionalities.
- In case you misconfigure the custom SSO setup and this is the only available authentication mechanism, then only the Learnworlds School Owner account will be able to sign in to your school via our Learnworlds account sign-in page (https://account.learnworlds.com/login)
- The built-in Affiliate Management program can not be used for users who use SSO providers to sign in.
- If you want to use more than three custom SSO, SAML, or OpenID solutions in total, please contact us at [email protected]. In case you are on the Learning Center plan you can also add 3 more by purchasing our scale package.
- If, for some reason, you want to "remove" a user's SSO connection and make them only a LearnWorlds user, you can change their password manually from the admin dashboard.