Your system supports SSO (Single Sign On) using SAML 2.0 and a compatible identity provider. This allows users to sign into the system using only one set of credentials. In this article, we will go over the process of setting up SSO on your site.
Getting Set Up
You will need to have an Identity Provider set up within your organization in order to set up SSO. Contact your IT team if you need assistance with this.
When SAML SSO has been configured on your site, users will be able to log into the system using one set of credentials provided by your Identity Provider. If the user’s email address matches one on a user account in the system, they will be logged in as that user.
Once you have the details for your identity provider, go to Administration → Configuration → Preferences → SAML.
Take note of your Service Provider Metadata and Service Provider Initiated Sign-on URL as you will need them to set up your Identity Provider.
Setting Up Your Identity Provider
Getting an Identity Provider set up within your organisation is not the responsibility of ReadyTech. If you need assistance with this step, you can contact your IT team to help you and refer to these articles for more information:
- SAML authentication with Azure Active Directory - Microsoft Entra
- Set up SSO for your organization - Google Workspace Admin Help
Add Details to your System
Go back to the SAML Settings on your site and click on the Edit button.
- Identity Provider Metadata URL - App Federation XML Data URL, which will be provided by your Identity Provider.
- Identity Provider Metadata XML - App Federation XML Data file content from your Identity Provider. You can input this if the URL mentioned before fails.
- Login Failure Message – If the user’s SSO fails, a message can be displayed.
- SSO for Student Portal – If enabled, this allows users of the Student Portal to log in using SSO.
- Allow Access to Student Portal prior to SSO Activation - Allows students to access the Student Portal before SSO has been activated for their account.
- SSO Sign In button on Login Page - Enabling this will have the Single Sign On button display on the login screen.
- SSO Sign In button on Forms Login Page - If login is enabled on a form, this will allow users to log in using Single Sign On.
- SSO Sign In button text - Changes the text displayed on the Single Sign On button.
- Enable your system as an Identity Provider (IdP) for Moodle SAML SSO - Allows for your system to serve as an Identity Provider for Moodle Single Sign On.
Once you have configured the desired settings, click on the Save button.
Logging In Using SSO
When you get to the login screen for your site, there should now be a Sign in with Single Sign-On button. Clicking on the button should redirect the user to the Identity Provider login and, if everything was set up properly, the user will be logged into the system.
Please be aware that login can fail if there are two party profiles with the same email address in your system.
If the login request fails for any reason, it is likely that some settings were entered incorrectly at some stage in the setup process or that the Identity Provider settings weren't configured properly.