This article provides details and instructions on how to configure Single Sign-On (SSO) for your Learners who use the Absorb Learning Mobile App.
-
Learners with a username/password combination can manually log in to your organization's Absorb LMS portal using the Absorb Learning Mobile App.
- If your organization uses Service Provider Initiated Mode SAML SSO, you do not need to take any further steps. Your Learners are able to log in to the mobile app using that current SSO configuration.
- If your organization uses Identity Provider Initiated Mode SAML SSO, your Learners will not be able to log in to the mobile app unless you do one of the following:
-
Option A: Update your Absorb LMS Portal SSO configuration from Identity Provider (IdP) Initiated Mode to Service Provider (SP) Initiated Mode.
- Option B: Add a new SSO configuration using Service Provider (SP) Initiated Mode, and associate it with a new LMS Route.
-
Option A: Update your Absorb LMS Portal SSO configuration from Identity Provider (IdP) Initiated Mode to Service Provider (SP) Initiated Mode.
For more information about Absorb SAML SSO, check out the Incoming SAML 2.0 Single Sign-On article.
The ADP Connector SSO is not currently supported by the Absorb Learn Mobile App, and you will need to leverage a separate Service Provider Initiated SAML SSO if this workflow is preferred for mobile app Learners.
Updates for Identity Provider Initiated Mode SAML SSO
Option A: Update LMS Portal Configuration
- Log in to the Admin Experience in your Absorb LMS portal.
- Click on the Account icon in the top right corner of the screen.
- Click Portal Settings in the sidebar menu.
- On the Portal Settings page, click Mange SSO Settings in the sidebar menu.
- Update your SSO configuration to the following:
-
Mode: Update selection to Service Provider Initiated.
-
Login URL: Update this URL address value to the SAML request endpoint of your Identity Provider.
-
Mode: Update selection to Service Provider Initiated.
- Confirm that your Identity Provider LMS Route is set up as an Identifier/Entity ID.
Option B: Create a New LMS Route
- Submit a request to Absorb Support (support@absorblms.com) to create a new LMS Route associated with your Absorb LMS portal.
- Once the new LMS Route has been created, you will need to update your Absorb LMS portal SSO Settings. Log into the Admin Experience in your Absorb LMS portal.
- Click Portal Settings in the sidebar menu.
- On the Portal Settings page, click Mange SSO Settings in the sidebar menu.
- In the Manage Single Sign-On Settings page, click the Add button.
- Create a new SSO configuration separate from your current primary one, using Service Provider Initiated Mode.
- In your Identity Provider create a new configuration using the new LMS Route.
Enable Optional SSO Settings for the Mobile App
The following code should be shared with your IT department. Your cloud-based iDP setting must be configured as the final step to enable your Learners to use SSO to login to the Absorb Learn Mobile App.
In your cloud-based iDP (e.g. OneLogin, Okta, Azure AD, Auth0), you will also need to configure a new entry with the following:
-
Identifier:
<additional route added to Absorb LMS that is assigned to your Service Provider Initiated,
SAML SSO setting, e.g. https://<clientname>mobile.myabsorb.com
-
Reply URL:
https://<clientname>mobile.myabsorb.com/api/rest/v2/authentication/saml
-
Unique user identifier:
<same as the value used for “Id Property” in the Service Provider Initiated, SAML SSO setting
in the Absorb LMS above>
-
Relay State: < leave blank>
Because this is passed in when the mobile app calls the iDP in order to ultimately, after several redirects from between the LMS Service Provider, https://<clientname>mobile.myabsorb.com/api/rest/v2/authentication/saml, and your iDP, relay back to the mobile app after the SAML token and learner token are obtained.
Comments
Article is closed for comments.