Single Sign-On with Coursepath

Coursepath supports the following open Internet standards for Single Sign-On (SSO): OpenID Connect, SAML and JSON Web Token.

OpenID Connect

This is the preferred way to connect your Identity Provider (such as Active Directory) with Coursepath. Please contact us to enable it. We will ask for the following:

  • OpenID provider discovery document URL
  • Client ID
  • Client secret
  • Scope (optional, by default we use openid email)

SAML

We support SAML when OpenID Connect is not available at your end. Please contact us to enable it. We need the following from you:

  • Identity Provider Metadata URL

We will provide you with:

  • Service Provider Metadata URL (which contains our Entity ID and Assertion Consumer Service URI)

Coursepath expects the Name ID to be the user's email address.

JWT

Using JWT for SSO is a good option if your organization does not yet have a central Identity Provider, or when you want to give your users a seamless flow from your app to Coursepath. It will require some coding at your end, but this is usually not a lot of work.

This is the authentication process:

  1. Your user is browsing your company's intranet or website (for example, https://intranet.mycompany.com).
  2. A script on your side authenticates the user using your proprietary login process.
  3. Your script builds a JWT token that contains the relevant user data.
  4. You redirect the user to your Coursepath domain (for example https://academy123xxx.coursepath.com) with the JWT token as a query string parameter.
  5. Coursepath parses the user details from the JWT token and then grants the user a session.

As you can see, this process relies on browser redirects and passing signed messages using JWT. The redirects happen entirely in the browser and there is no direct connection between Coursepath and your systems, so you can keep your authentication scripts safely behind your corporate firewall.

How to implement your JWT SSO script

Authenticate the user

Make sure the user is authenticated at your end. Obtain the authenticated user's email address. This is what Coursepath needs to uniquely identify your user.

Create the JWT token

Generate the JWT for your authenticated user. See our JWT page for instructions.
The JWT token can be used only once, and is valid for only a couple of minutes. Generate the JWT token just before you redirect the user.

Redirect the user

Now build the URL to which you will send your authenticated user, according to this template:

https://academy123xxx.coursepath.com/redirect?token={jwt}&locale={language}&next={path}  

The token parameter is required. This is the signed JWT token containing the user's email address so we can grant the session.
The locale parameter is optional. See our Formats page for supported languages.
The next parameter is optional. This is the path of the page where the user must land. For a particular course, use the path /{courseId}/course
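
The three steps above as one server-side sketch. This is an added example, not Coursepath's own code. It assumes HS256 signing with a shared secret and the claim names email, iat, exp and jti; the actual claim set and signing method are defined on the JWT page, so adjust them to match. The function names and the 120-second lifetime are also assumptions.

```python
import base64, hashlib, hmac, json, time, uuid
from typing import Optional
from urllib.parse import urlencode

ACADEMY = "https://academy123xxx.coursepath.com"  # example domain used on this page
TOKEN_TTL = 120  # seconds; assumed reading of "a couple of minutes"


def b64url(data: bytes) -> str:
    """Base64url without padding, as used in JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_token(email: str, secret: bytes, now: Optional[int] = None) -> str:
    """Sign a short-lived, single-use JWT. HS256 and the claim names are assumptions."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "email": email,            # identifies the user
        "iat": now,
        "exp": now + TOKEN_TTL,    # keeps the token valid only briefly
        "jti": uuid.uuid4().hex,   # unique per token, so each one is used once
    }
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def redirect_url(token: str, locale: Optional[str] = None,
                 next_path: Optional[str] = None) -> str:
    """Fill in the /redirect template with URL-encoded query parameters."""
    params = {"token": token}
    if locale:
        params["locale"] = locale
    if next_path:
        # Added precaution: pass only a local path, never a full or
        # protocol-relative URL taken from user input.
        if not next_path.startswith("/") or next_path.startswith("//") or "\\" in next_path:
            raise ValueError("next must be a path such as /{courseId}/course")
        params["next"] = next_path
    return f"{ACADEMY}/redirect?{urlencode(params)}"
```

Call make_token only after your own login check has succeeded, and keep the signing secret on the server that runs this script.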

That's it!