Intellum provides multiple authentication options for your account. In addition to simple login configuration options (Password, Facebook and Google authentication), we provide SSO configurations (OpenID Connect, OAuth 2.0 and SAML) which allow direct connection between your company portal or internal website.
Simple Login Configurations
A simple username and password option, which is the default login configuration used for accounts.
Authentication via Facebook’s login widget. When this option is used, users will encounter a login widget that leverages the user’s Facebook profile.
Authentication via Google’s login widget. When this option is used, users will encounter a login widget that leverages the user’s Google profile. Contact your implementation or account manager and they will enable this for your site. Settings you should update are:
- In Account Settings, select “Require logins to use SSL (HTTPS) connection” for SSL Login
- If you want to restrict your login to any specific email domains provide those to your implementation/account manager
- If you want to enable this authentication only for specific branding organizations on your site, provide those to your implementation/account manager
Finally, you may define the lookup attribute as either the UID or Email field of the user account.
OAuth 2.0 is an authorization framework that works by delegating user authentication to the service that hosts the user account and authoring third-party applications to access the user account. Ideally, if you’d like to use OAuth 2.0, just provide your account manager with your OAuth 2.0 details or work with them to implement this particular solution.
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. If you want your users to access the Exceed LMS via OpenID Connect, please contact your implementation or account manager and they will help you enable this for your site.
SAML is an XML standard for exchanging authentication and authorization data between security domains. If you are using SAML for your SSO integration, your account manager or implementation specialist will assist you in the process of “trading metadata” which allows the SAML process to successfully work. This is a two-step process:
- The Exceed SP metadata file can be received at the following link: https://YOURSUBDOMAIN*.exceedlms.com/authentication/saml/sp
- Intellum will need either a link to your IdP Metadata endpoint or a text copy of your IdP Metadata XML file.
The unique identifier for the employee should be in the NameID element of the SAML response, as per the standard.
Once you’ve posted a response to the staging environment Intellum will check the logs and test it with our parser to confirm it works with your configuration. Your implementation or account manager will work with you to coordinate this.
* - YOURSUBDOMAIN is the site name created for your organization