Should you use SSO or an API with your LMS? Des Anderson, CTO at LearnUpon Published on March 21, 2018 Single Sign-On (or SSO) is a term that finds its way on to every LMS requirement list. It can appear complicated at first but it doesn’t have to be. In this post, we outline: What is SSO? What’s the difference between SSO and an API? How to decide which one is most suitable for your needs. And we run through some SSO options you should consider with your LMS. What is Single Sign-ON (SSO)? Single Sign-On (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to a connected system or systems without using different usernames or passwords, or in some configurations seamlessly sign on at each system. Wikipedia Single Sign-On, or SSO as it is commonly known, is a feature that enables an end-user within an organization to access multiple services/applications, using just one set of credentials, for example, employee i.d or email address. It involves two parts: authentication and authorization. Authentication is the process of identifying that the person logging in has the appropriate credentials Authorization allows access to the appropriate areas or content which have been granted by the administrator The analogy we like to use is that the input of the user credentials in the first instance is like a master key. It unlocks all the other doors without the user having to continuously search through a bunch of keys, trying to find the appropriate one for the next door they want to open. Why is SSO used? Integrating Single Sign-On with your LMS has many major benefits including: Convenience: The end user isn’t required to enter details such as usernames or passwords into applications they use multiple time a day. Efficiency: It reduces the workload of the I.T department, as fewer users are requesting password resets for multiple applications. Security: It can significantly increase the security of the I.T environment. What is an API? An API provides an interface that allows developers to literally interact with programs and apps, including learning management systems. Each API has a set of credentials used by admins and developers known as keys. These keys are similar to a username and password pair that allows developers to use the API to interact with the data in your LMS. In this context, ‘interact’ describes actions such as creating, updating, deleting, or retrieving data. An API can speed up processes by automating time-consuming manual steps. Without an API, if you’re an admin creating a user in your LMS, you need to log in, access the create user screen, fill in a form and click save. Or instead, your developer can simply code an API to automatically create users based on rules relevant to your needs. The API frees admins from managing the process manually or via batch file uploads. It’s that simple! A decent API allows you to automate lots of other actions, like updating, deleting, or exporting lists of users. The API allows you to create courses, enroll users on to courses, and get a list of their progress statuses - all automatically. This data can then be managed together in one central location. And you can use the data to build reports or keep users in sync. Do I need an SSO or API integration? At LearnUpon, we frequently speak to people requesting to see our Application Program Interface (API) documentation because they want to implement Single Sign-On (SSO). And we also encounter the reverse. We hear from them about SSO when their needs are more suited to uses of the API. While API and SSO can work really well together, they are in fact two very different tools. We like to compare it to the difference between a knife and fork. While the tools complement each other really well, they also serve VERY different purposes and should be used to accomplish different tasks. SSO vs API summary SSO streamlines your user experience when accessing other applications. It’s a set of Single Sign-On credentials associated with each user. API is all about data automation. It keeps your data in sync and automates pulling data out of a system to generate reports. How to decide between SSO and API Still unsure if you should implement an API or SSO? These three questions will help you to decide if you should go with either, both, or neither types of integration. Question 1: Do you need users to access your LMS without logging in? If Yes, then you need SSO. Once you implement SSO, users will only need one set of credentials to access all applications. If you decide to use SSO in this context, you could include an “Access my Learning” button on your website or intranet. Once users click the button, they will be transported into the LMS to launch and complete their training, without needing to log in again. If No, then you do not need SSO. You may still need an API, depending on your answers to the two questions below. Question 2: Do you need users from a separate system to be created in your LMS? If Yes, – Before we dive deeper into the API itself let’s consider a follow-up question: Did you need to implement SSO already? This question is worth considering because some systems, including LearnUpon, support simplified user synchronizations when implementing SSO. That means that SSO will not only seamlessly log users into the LMS, it can also provide additional settings that allow you to create or update users on the fly as well. That’s really helpful because it means you might not even need to implement an API in order to sync users. There are many varieties of SSO but one is SAML SSO. The SAML SSO module allows you to create or update users on the fly and automatically assign them to groups in LearnUpon, increasing the types of automation you can use to manage your user list. Before you jump into API, it’s worth asking your LMS vendor, or preferred third-party app, if they offer any type of user synchronization as part of their SSO modules. If No, then you don’t need to use an API with SSO. You might still find an API useful for reasons discussed in our third question below. Question 3: Do you need to push data into or pull data from your LMS? Yes, you do! You may need, for example, to export enrollment statuses, training history, or other types of data. You might also need to manage your user group memberships or user lists in other applications. Most LMS applications include reporting features that meet many of these needs. In LearnUpon, for example, we offer automated report scheduling, so you don’t need to remember to run reports. They’re emailed directly to your inbox when you need them. However, in some cases that level of functionality doesn’t quite cut it. You may still need to pull extra data and push it to external applications for further crunching. Perhaps you would like to pull lists of users and groups and send the data to a managerial meeting to inform team restructuring. The list of potential uses really is endless. The question about whether to implement an API is all about automation. The most important point is that implementing an API enables you to access data in an automated way. Thus avoiding the need for admins to log in, search, and report on data manually. SSO can synchronize Data Systems like LearnUpon support simplified user synchronizations when implementing SSO. This means that SSO will not only seamlessly log users into the LMS, it can also provide additional settings that allow the system to create or update users on the fly, which can be a huge time saver as your user base grows! From a practical point of view once the user clicks on the “LearnUpon” button they will be created in the LMS and automatically logged in to access their training materials. It’s a seamless/automated way to get your users into your LMS and enrolled in their courses. Setting up SSO in LearnUpon LearnUpon has an SSO guide available for our customers that helps them to get started. Your internal technical team can review it to see how they can implement either ‘Signed Query SSO’ or SAML-based SSO. You can quickly set up either within the settings area of your LearnUpon portal, under integrations. LearnUpon's SSO options SAML Security Assertion Markup Language or SAML is a mechanism for asserting that a user is who they say they are before granting them access to a particular application or resource. SAML can: Create new users and update existing users in the application Sync your users with group memberships (linked to enrolment) Redirected users to a specific website page when an SSO request is rejected or when the user logs out. Active Directory If you’re using Active Directory, it can be turned into a SAML provider with a plugin called Active Directory Federation Services. This will use SAML as the SSO mechanism. Signed Query String SSO SQSSO is a lightweight Single Sign-On mechanism LearnUpon provides. It is used to silently log users into the LMS. Being lightweight doesn’t mean it’s less secure. Only that it’s a lot easier to implement than heavier set SSO modules such as SAML. OKTA You can integrate OKTA with your LMS to allows your OKTA users to access your portal easily through SSO. There's a step-by-step guide to integrating your LearnUpon account on the OKTA website. Azure Integrating your LMS with Azure AD provides you with the following benefits: You can control in Azure AD who has access to your LMS You can enable your users to automatically get signed-on to LearnUpon (Single Sign-On) with their Azure AD accounts You can manage your accounts in one central location - the Azure portal Microsoft even has a simple tutorial to help you set it up Azure AD with your LearnUpon account. G Suite You can integrate your G Suite with LearnUpon to allow your G Suite users to access your portal easily through SSO. You can Control in G Suite who has access to LearnUpon Allow your learners to launch your LMS from their G Suite Get more information Single Sign-On is a powerful integration for your organization to set up. It provides convenience for your learners, streamlining their access to training. This increases the adoption of your LMS and in turn your training programs. The added security will be popular with your IT team too! Start by getting in contact with us to see how LearnUpon’s SSO options can improve your eLearning efforts.