The Learning Creation Studio
  1. ELB Learning Knowledge Base
  2. The Learning Creation Studio

The Studio Account Single Sign On (SSO) FAQ

This article explains the Single Sign On (SSO) feature in The Studio by ELB Learning® Account Portal

Isn't The Studio already a Single Sign On?  Please explain.

The Studio by ELB Learning account portal is a single location to log into and access all of your ELB Learning products, such as Lectora Online, Asset Library, Lectora Desktop, ReviewLink, CenarioVR, and the ELB Learning Community forums.  Logging into the portal with your organization's SSO method provides the additional level of access security your organization has requested.

How does a customer activate SSO in the Account Portal?

The org Admin can activate the SSO feature from their Account Settings page.  The settings include the selection of ID Provider (IDP) in the Single Sign-on Settings page and additional information such as URLs, entity IDs, and or Tokens.  We suggest that you work with your internal IT team or SSO point person who will be able to provide the information specific to your company.

Does every user in an Organization have to use SSO to access their Apps in the Account Portal?

Technically, no.  Users can use their email address and password, but once a login has occurred using SSO, SSO will always be required.  From a company policy perspective, the company should dictate whether this is allowed.   

When a user logs into The Studio account portal using SSO, is the traditional login method with an email address and password still available?

No, once a user logs into the account portal via the SSO method, the ability to log in using their email and password is disabled.  This is for security reasons and is what the customer desires by switching to SSO

When a user logs into the Account Portal with SSO, do they get an authentication email?

No, once a user is authenticated using the SSO process, their account is active and ready to use. No email authentication is sent or required.  In the future, due to GDRP, Account Portal might not even store the user's email or personal information.

Can a SSO user still login into an App directly, ie. https://us.lectoraonline.com/app/login ?

No, the SSO sign-on is to the Account Portal only.  SSO will not be implemented on the login page of any of the ELB Learning app websites.  Customers will need to log into The Studio account portal and then go to their App using the Launch button for the desired application.

What IDPs does the SSO feature support?

As of July 2022, the following IDPs are supported by the SSO function of The Studio by ELB Learning Account Portal: 

  • Okta
  • Azure
  • Google
  • SAML 2.0
  • OAuth 2/OIDC

What information do I need to configure Account Portal to use Azure as the IDP? 

  • Redirect URL
  • Tenant ID
  • Client ID
  • Client Secret

What information do I need to configure Account Portal to use Okta as the IDP? 

  • Redirect URL
  • Okta Base URL (https://companydomain.okta.com/
  • Client ID
  • Client Secret

What information do I need to configure Account Portal to use Google as the IDP? 

  • Redirect URL
  • Client ID
  • Client Secret

What information do I need to configure Account Portal to use SAML 2.0 as the IDP? 

  • Service Provider ACS URL
  • Service provider Issuer/Entity ID
  • Service Provider metadata (optional)
  • Identity Provider Issuer URL
  • identity Provider Metadata URL

What information do I need to configure Account Portal to use OAuth 2/OIDC as the IDP? 

  • Redirect URL
  • Authorization URL
  • Token URL
  • User Info URL
  • Client ID
  • Client Secret

What is the process to configure my company to use SSO?

What is the process a user follows to log into Account Portal using SSO?

1. Go to https://portal.elblearning.com/

 

2. At the lower section of the login block, click the link labeled "SSO Login". A window will appear asking for your organization name. Type in the Organization name provided to you by your company's ELB Learning Org Admin.

4. Click the "Continue" button and the Account portal will look for your organization.

5. A window from your IDP will appear.  Follow the IDP procedure to log into the IDP

I click on the link to login in using SSO but I get the following error message. 

"Sign In Error.  The organization with name "[ORG NAME YOU TYPED IN] does NOT have SSO support or does not exist."

What do I do now?

Please contact your company's Organization Administrator. The Studio account portal for your  Organization might not be configured for SSO, or you might not have the exact Organization name that was configured in The Studio account portal. 

I click on the link to login in using SSO but I get the following error message.  ERROR #2.  What do I do now?

Please contact your company's Organization Administrator. The Studio account portal may not be configured for SSO with your organization,