Skip to content
English
Sign in
back to Admin-Area
  • There are no suggestions because the search field is empty.

Single Sign-on (Third-Party Login)

Via Single Sign-On (SSO), a user can authenticate himself via a third-party system configured by us and log in to keelearning (e.g. with your company's access data).

Single sign-on explained simply

  • The user clicks on the Single Sign-on button on the keelearning login page
  • If the user is already logged in to your system, the user is also automatically logged in to keelearning
  • If the user is not logged into your system, the login mask of your system appears.
    image-png-2

    What are the requirements?


    The following requirements must be met for single sign-on via OpenID Connect (OIDC):

    The user must have an account on the third-party website

    The third-party website must operate an OpenID Connect provider

    Depending on the OIDC provider, an authentication page appears when the user first logs in, asking them to grant keelearning access to their user data. The text of the authentication page and the process cannot be influenced by us, as this is dependent on the OIDC provider (third-party code).

    The .well-known/openid-configuration route must be accessible via the Internet. In the case of Microsoft Azure AD:

    # Schema
    # [SSO-Domain]/.well-known/openid-configuration

    # Beispiel
    wget -O - https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

    What does keeunit need to set up?

    OpenID Connect is an open standard. We need the following information from you:

    • OpenID Connect Authority URL
    • OpenID Connect Client ID
    • Name of the login button (e.g. Login via Microsoft)

     

    How do I set it up in keelearning?

    To do this, go to Login & Registration under Settings. Here you can make all the settings yourself:

     


     

     

    What does the setup in Azure AD look like?

    The following steps will help you to set up single sign-on via OpenID Connect in Azure AD.

     

    1. create a new app under App registration

     


     

     


     

    3. Tick both boxes under Authentication

     


     

    4. Send us the two marked IDs and we will set up SSO in keelearning for you

     

    What do I need to consider if I have two user groups that require two different SSO configurations?

    In this case, it is possible to use the multi-client capability. A separate login page and a separate SSO configuration can be stored for each client profile.

    If you have any questions about activating/upgrading the multi-client capability, please contact our support team.