SSO (Single Sign-On) is a service that allows users to log in to different platforms using a single set of credentials. Your users can keep using the existing login system of your website, with one set of identity-verifying credentials, to securely access your LearnWorlds school.
By centralizing authentication processes, SSO reduces password fatigue, minimizes the risk of credential misuse, and simplifies the user experience, ultimately improving overall operational efficiency.
LearnWorlds supports the activation of multiple custom SSO solutions simultaneously. The available SSO options include:
- Custom SSO
- WordPress SSO Plugin
- SAML 2.0 (Security Assertion Markup Language)
- OpenID Connect
For more detailed information, please refer to this article.
This article covers the basics of OpenID Connect, its integration with LearnWorlds, and available Identity Providers (IDPs), and provides guidance on setting up OpenID with various identity providers.
What is OpenID Connect?
OpenID Connect is an authentication protocol that enables secure user authentication across multiple applications using a single set of credentials. It simplifies the login experience by eliminating the need for users to manage separate usernames and passwords for each service, promoting usability and security.
OpenID ensures that authentication information is securely transmitted and validated, offering robust encryption and token expiration features to prevent unauthorized access and enhance overall security.
How does OpenID Connect work with your school?
Once you set up OpenID SSO with your existing IDP, your users will be able to single sign-on to your school via your Identity Provider (IDP).
When the user clicks on Sign in and is not already logged in to their IDP account, they will be redirected to their provider to be authenticated. In this example, we have set up Xero as an IDP:
Upon successful authentication, the IDP will redirect them back and log them in to the LearnWorlds school page. If the user is already logged in to their IDP account, they will be automatically logged in to LearnWorlds.
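The redirect round trip described above, sketched from the relying party's side as an added example (not LearnWorlds code). The function names are hypothetical, any endpoint, client ID and URL passed in are placeholders, and the claim checks assume the ID token's signature has already been verified against the IDP's published keys.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

def build_auth_request(authorization_endpoint, client_id, redirect_uri):
    """Step 1: the school (relying party) sends the browser to the IDP."""
    state = secrets.token_urlsafe(16)  # binds the callback to this browser session
    nonce = secrets.token_urlsafe(16)  # binds the ID token to this request
    query = urlencode({
        "response_type": "code", "scope": "openid email",
        "client_id": client_id, "redirect_uri": redirect_uri,
        "state": state, "nonce": nonce,
    })
    return f"{authorization_endpoint}?{query}", state, nonce

def read_callback(callback_url, expected_state):
    """Step 2: the IDP redirects back; accept the code only if state matches."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"IDP returned an error: {params['error'][0]}")
    got = params.get("state", [""])[0]
    if not secrets.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not for this session")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def check_id_token_claims(claims, issuer, client_id, nonce, now):
    """Step 3: claim checks on an ID token whose signature was already verified."""
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss does not match the configured provider")
    if client_id not in audiences:
        problems.append("aud does not contain our client ID")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if claims.get("nonce") != nonce:
        problems.append("nonce mismatch")
    return problems
```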
Set up OpenID Connect
You can set up OpenID with practically any Identity Provider (IDP). IDPs will give you the option to create an authentication application. You will need to provide the necessary information from your school (the Service Provider) and gather the necessary information from the IDP’s authentication application.
We have already created detailed guidelines for the following IDPs:
- LinkedIn with LearnWorlds OpenID Connect SSO
- Facebook with LearnWorlds OpenID Connect SSO
- Google with LearnWorlds OpenID Connect SSO
- Okta with LearnWorlds OpenID Connect SSO
- Auth0 with LearnWorlds OpenID Connect SSO
- Xero with LearnWorlds OpenID Connect SSO
- Microsoft Entra with LearnWorlds OpenID Connect SSO
- GitLab with LearnWorlds OpenID Connect SSO
If you have another IDP, then you can refer to your IDP documentation and go to our setup page.
You can allow your users to sign in/up in your school using the OpenID solution of their preference without re-entering their username and password. To set up OpenID Connect, go to your LearnWorlds school and:
1. Navigate to Website → Website settings → Authentication and select OpenID Connect.
2. Add a new OpenID Connect provider.
3. Activate OpenID and add a name for this OpenID solution.
4. Once you set up this information on your IDP and create the authentication application, you will need to update your school’s setup with the necessary information from your IDP:
- Client ID: Add a client ID for this OpenID Connect provider.
- Client Secret: Add a client secret for this OpenID Connect provider.
- Redirect URL: This URL should be whitelisted on the provider OAuth app.
- Provider Configuration: Supply the configuration details automatically by providing a discovery document link, or configure them manually.
- Create User: This function adds a new user to the school if a user with this email does not already exist.
- Identify by ID: Uses the provider's user ID and automatically updates the LearnWorlds username and email upon login. If the user's email/username is changed on the LearnWorlds side, the change is not pushed to the OpenID provider upon login.
5. Click on Create to save your settings and you are all set. Your users may now Single Sign-On by using your favorite IDP.
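Before pasting a discovery document link into Provider Configuration, you can sanity-check the document it returns. This added example (not part of LearnWorlds or any IDP's tooling) checks a saved copy against the fields OpenID Connect Discovery requires; the function name, the sample document and the `idp.example` host are constructed, and the use of the authorization code flow is an assumption.

```python
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery 1.0 marks REQUIRED (token_endpoint is
# required whenever the authorization code flow is used).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "userinfo_endpoint", "jwks_uri")

def check_discovery(discovery_url, document_text):
    """Return a list of findings; an empty list means the document looks sane."""
    doc = json.loads(document_text)
    findings = [f"missing required field: {name}" for name in REQUIRED
                if name not in doc]
    for name in URL_FIELDS:
        value = doc.get(name)
        if value is not None and urlparse(value).scheme != "https":
            findings.append(f"{name} is not an https URL")
    # The issuer must be the URL the discovery link was built from
    # (compared without a trailing slash, which some providers include).
    if not discovery_url.endswith(WELL_KNOWN):
        findings.append("discovery link does not end in " + WELL_KNOWN)
    else:
        expected = discovery_url[:-len(WELL_KNOWN)].rstrip("/")
        if str(doc.get("issuer", "")).rstrip("/") != expected:
            findings.append("issuer does not match the discovery link")
    # Assumption: the school uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        findings.append("response type 'code' is not advertised")
    return findings

SAMPLE = {  # constructed document, not from any real provider
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
    "jwks_uri": "https://idp.example/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery("https://idp.example" + WELL_KNOWN, json.dumps(SAMPLE)))
```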
If you're using OpenID as an authentication method, you must change the Site Navigation settings in the Payment Flow section for Logged-out users, as they will need to sign up or log in before proceeding to the payment page.
Also, ensure that in all Payment Sections of your school's pages, 1-click Sales funnels, or the Payment Page of your school, the Sign in/up form option is set to hide, since the user will not be able to sign in/up via the LearnWorlds system.
Notes/Tips
- You need to use the LearnWorlds admin (school owner) account to set up a Custom SSO URL, SAML, or OpenID for your LearnWorlds school; if you misconfigure your setup, only this account will be able to sign in to your school. Hence, the LearnWorlds admin will have to make all the changes in the sign-in/up page regarding SSO.
- Only the sign-in link should be used at your school since the IDP will perform the sign-up and password reset.
- The SSO mechanism uses the user’s email address to identify the user; therefore, to change the user's email address, you will need to update the new email both in your school and on your IDP.
- If you wish to use our built-in Affiliate Management program, you should consider not using the SSO solution, since it will not be feasible to use this feature and track sales.
- If you enable OpenID Connect (external IDP), the LearnWorlds password update/reset functionality will not be available.
- If you want to use more than three custom SSO solutions, please contact us at support@learnworlds.com.