Toggle Navigation
Sidebar

SSO Integration With SAML

Eight Simple Steps to Connect with Enriched Academy via SAML

1. Overview

This document outlines the steps required to establish a SAML-based Single Sign-On (SSO) integration between Enriched Academy Portal (Service Provider) and Client Portal (Identity Provider). This integration will enable users to authenticate through client Identity Provider (IDP) and seamlessly access Enriched Academy’s platform.

2. Roles

  • Enriched Academy Portal: Service Provider (SP)
  • Client Portal: Identity Provider (IDP)

3. Information Provided by Enriched Academy (SP)

Enriched Academy will provide clients with the Service Provider (SP) metadata via a Metadata XML Dynamic URL.

Metadata XML Dynamic URL:

https://ssov2.enrichedacademy.com/saml/public/module.php/saml/sp/metadata/default-sp

Metadata XML includes the following details:

  • Entity ID (SP Identifier)
  • Assertion Consumer Service (ACS) URL
  • Single Logout Service (SLO) URL
  • Binding Method
  • X.509 Certificate

4. Information Required From The Client (IDP)

To configure clients Identity Provider on Enriched Academy’s side, we require their Metadata XML Dynamic URL, which must contain the following details:

  • Entity ID (IDP Identifier)
  • Single Sign-On Service (SSO) URL
  • Single Logout Service (SLO) URL (if applicable)
  • X.509 Certificate (for verifying signed assertions)
  • Binding Method: HTTP-Redirect / HTTP-POST

5. Integration Steps

  1. Step 1: Exchange Metadata
    • Client Portal provides its IDP metadata to Enriched Academy.
    • Enriched Academy provides its SP metadata to Client Portal.
  2. Step 2: Configuration at Client Portal (IDP Side)
    • Add Enriched Academy Portal as a Service Provider.
    • Configure ACS URL, Entity ID, and logout settings.
    • Set up user attributes (e.g., email, firstName, lastName, role, and location).
  3. Step 3: Configuration at Enriched Academy Portal (SP Side)
    • Upload Clients IDP metadata.
    • Configure the authentication flow.
    • Map user attributes to match the SAML response.
  4. Step 4: Testing & Validation
    • Perform initial login tests.
    • Verify attribute mapping.
    • Ensure seamless logout functionality.
  5. Step 5: Go Live
    • After successful testing, switch to production settings.

6. Attribute Mapping

To ensure proper authentication, Client Portal should send the following attributes in the SAML response:

Attribute NameDescriptionRequired
emailUser's email addressYes
firstNameUser's first nameYes
lastNameUser's last nameYes
roleUser role: User or Client Admin UserNo
clientNameName of Client to allow mapping to clientIdNo
clientIdUnique Id of clientNo

7. Support & Troubleshooting

  • If login issues occur, verify the SAML response and attribute mapping.
  • Ensure that the correct certificates and metadata are used.
  • Contact Enriched Academy’s technical support for further assistance.

8. Next Steps

  • Client Portal should provide their IDP metadata and confirm the expected user attributes.
  • Both teams should schedule a testing session after the configuration is completed.