Single Sign-On

figure-1

Single sign-on is a mechanism that allows you to authenticate users in your systems and subsequently tell Thought Industries that the user has been authenticated. The user is then allowed to access Thought Industries without being prompted to enter separate login credentials.

At the core of single sign-on is a security mechanism that allows Thought Industries to trust the login requests it gets from your systems. Thought Industries only grants access to the users that have been authenticated by you.

Thought Industries supports three different types of Single sign-on. Click the links below to learn more about each:

  1. JWT SSO >
  2. CAS SSO >
  3. SAML 2.0 SSO >

SSO Settings

SSO Settings allow you to control where learners are directed at key moments within TI. For example, when a learner is registering, you can redirect them to your external registration portal, and then use SSO to send them back to TI after registration.

External Login URL

This is an optional URL you can fill in if you want all students to log in via SSO. Filling this in will redirect the login page to the URL you specify. It is expected the user will log in on the external page, and then you will send their information back to TI as part of an SSO process, at which point the user will be signed into TI. You can use {{returnTo}} in the URL and TI will automatically fill in what URL the student should be returned to after they have logged in. For example:

http://www.example.org/sign_in?return_to={{returnTo}}&from=TI

Account Logout URL

Similar to the Login URL, if you would like all students to log out via SSO, fill in this URL field. You can use {{returnTo}} in the URL and TI will automatically fill in what URL the student should be returned to after they have logged in. For example:

http://www.example.org/logout?return_to={{returnTo}}&from=TI

External Register URL

This is an optional URL you can fill in if you want all students to register externally. This will redirect both the free registration page and the checkout page if the user is signed out. On this page you will want to provide the option of registering or logging in. It is expected the user will register or log in on the external page, and then you will send their information back to TI as part of an SSO process, at which point the user will be signed into TI. You can use {{returnTo}} in the URL and TI will automatically fill in what URL the student should be returned to after they have registered or logged in. This is particularly important for this endpoint as we will specify a returnTo URL that will put the student back into the checkout flow. For example:

http://www.example.org/register?return_to={{returnTo}}&from=TI

Account Settings Redirect Link

This is an optional URL you can fill in if you want all students to update their email address, name, and other profile information externally. You can use {{returnTo}} in the URL and TI will automatically fill in what URL the student should be returned to after they have updated their profile. For example:

http://www.example.org/update_profile?return_to={{returnTo}}&from=TI