Coursepath supports the following open Internet standards for Single Sign-On (SSO): OpenID Connect, SAML and JSON Web Token.
OpenID Connect is the preferred way to connect your Identity Provider (such as Active Directory) with Coursepath. Please contact us to enable it. We will ask for the following:
We support SAML when OpenID Connect is not available at your end. Please contact us to enable it. We need from you:
We will provide you with:
Coursepath expects the Name ID to be the user's email address.
JSON Web Token
Using JSON Web Token (JWT) for SSO is an excellent option if your organization does not yet have a central Identity Provider, or when you want to give your users a seamless flow from your app to Coursepath. It will require some coding at your end, but this is usually not a lot of work.
This is the authentication process:
As you can see, this process relies on browser redirects and passing signed messages using JWT. The redirects happen entirely in the browser and there is no direct connection between Coursepath and your systems, so you can keep your authentication scripts safely behind your corporate firewall.
Authenticate the user
Make sure the user is authenticated at your end. Obtain the authenticated user's email address. This is what Coursepath needs to uniquely identify your user.
Create the JWT token
Generate the JWT for your authenticated user. See our JWT page for instructions.
The JWT token can be used only once and is valid for only a couple of minutes. Generate it just before you redirect the user.
Redirect the user
Now build the URL to which you will send your authenticated user, according to this template:
token parameter is required. This is the signed JWT token containing the user's email address so we can grant the session.
locale parameter is optional. See our Formats page for supported languages.
next parameter is optional. This is the path of the page where the user must land. For a particular course, use the path
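
The three steps above, as an added Python example that is not Coursepath's own code: it signs a fresh short-lived token at the moment of redirect and URL-encodes the `token`, `locale` and `next` parameters. Assumptions: the HS256 algorithm, the claim names (`email`, `iat`, `exp`, `jti`), the 120-second lifetime and the endpoint URL are placeholders, so take the real values from the JWT page and the URL template; `read_token` is a hypothetical helper for checking your own output locally.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

SSO_URL = "https://coursepath.example.invalid/sso"  # placeholder, not the real template
TTL_SECONDS = 120  # assumed value for "a couple of minutes"

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign(signing_input, secret):
    return b64url(hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest())

def make_token(email, secret, now=None):
    """Sign a fresh HS256 JWT; the claim names here are assumptions."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"email": email, "iat": now, "exp": now + TTL_SECONDS,
              "jti": secrets.token_urlsafe(16)}  # random id: no two tokens are equal
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input, secret)

def read_token(token, secret):
    """Local self-check: verify the signature and return the claims."""
    signing_input, _, signature = token.rpartition(".")
    if not hmac.compare_digest(signature, sign(signing_input, secret)):
        raise ValueError("bad signature")
    payload = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def build_redirect(email, secret, locale=None, next_path=None, now=None):
    """Create the token at the last moment and return the redirect URL."""
    if next_path is not None and (not next_path.startswith("/")
                                  or next_path.startswith(("//", "/\\"))):
        raise ValueError("next must be a site-relative path")
    params = {"token": make_token(email, secret, now)}  # required
    if locale:
        params["locale"] = locale  # optional
    if next_path:
        params["next"] = next_path  # optional
    return SSO_URL + "?" + urlencode(params)

if __name__ == "__main__":
    key = b"constructed-demo-secret"  # constructed sample key, never hard-code a real one
    print(build_redirect("user@example.com", key, locale="en", next_path="/constructed/path"))
```

Call `build_redirect` inside the request handler that issues the redirect, never ahead of time, so the short lifetime starts when the user actually leaves your app.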