Single Sign-on: Using Google’s SAML 2.0
This installation enables single-sign on using the log into Google ID – this is inherent with Google Docs, Chrome and Gmail. To get this to work on your customised site it first needs to be set up by the Company’s Google Administrator by following these steps.
1. Log in to Google Admin Console (admin.google.com)
2. Go to Apps/SAML Apps
3. Click on ‘Enable SSO for SAML Application’ (yellow sign plus in the bottom right corner – screenshot below)
4. Select ‘Setup My Own Custom App’
5. Choose the second option (see screenshot below). Download the IPD metadata file and send it as an attachment to the Open LMS team (firstname.lastname@example.org entitled “IPD SAML Information”). Then click ‘Next’.
6. Enter the App name (for example ‘Your Company LMS Training’). Click ‘Next’.
7. Enter the following SAML settings:
ACS URL: https://openelms.e-learningwmb.co.uk/saml/module.php/saml/sp/saml2-acs.php
Entity ID: https://openelms.e-learningwmb.co.uk/saml/module.php/saml/sp/metadata.php
Start URL: https://openelms.e-learningwmb.co.uk/LMSID/saml/
,where LMSID is the identifier of your Open LMS installation. You can get he identifier from the link you use to access the Open LMS web application. For example, if the link is https://openelms.e-learningwmb.co.uk/somecompanyname, then the identifier of your Open LMS installation (i.e. LMSID) is somecompanyname.
8. Add three mapping which let Open LMS identify your users. Add them by click on the ‘Add New Mapping’ button:
9. Enable the applications to the desired set of users (or enable it for everyone in your organization):
10. Launch the application from Google Admin or directly by going to the start url: https://openelms.e-learningwmb.co.uk/LMSID/saml/
When a user launches the application, LMS will use their email to check whether such a user is already registered with LMS. If not, a new account will be created and it will be assigned the default courses. We will also set up the default department and company id of the new trainee. If you want to assign the trainee to a particular department or company in LMS, you need map two more attributes (‘department_id’ and ‘company_id’). You can map an attribute ‘password’, which will be the new LMS password of the trainee’s account.
Important: In order to enable the application we need to setup the Entity ID and the certificate of your Google account into LMS. We can do this only if you provide the relevant IDP metadata file. You need to send it to us by email (or any other means).