Single sign-in (SAML) can be enabled and used in two ways:
- To give your organisation's members a quick and easy way to sign in to their FutureLearn account.
- To invite learners to enrol and log into your FutureLearn courses via your organisation's web pages. This method can be used instead of personal Learning Manager invitation links to ensure the learner is eligible for free enrolment. An example is a university providing its staff and students with free access to its FutureLearn courses via its own website.
SAML single sign-on can also be used to subscribe eligible learners to FutureLearn Campus.
The SAML enrolment flow starts with a simple URL that could be included in an email or a webpage.
Enrolments created through SAML enrolment are billed in the same way as enrolments created through Learning Manager course invitations. Any discounts or pre-paid agreements are automatically applied.
See the learner journey of single sign in via an external site or learner journey of single sign in via FutureLearn.
Restrictions and additions
- Organisations can only use SAML enrolment to enrol learners on the same set of courses and course runs as are available when inviting learners to courses through Learning Manager. Organisations cannot use SAML enrolment to enrol learners on courses outside of the usual availability windows.
- FutureLearn supports up to one SAML identity provider per organisation. This means that all learners invited by the organisation through SAML enrolment must be able to sign in using the same identity provider. Learners cannot be enrolled using a different organisation’s identity provider.
- The FutureLearn platform will use the user identifier from the SAML identity provider as the external learner ID. Bear this in mind if you also invite learners via other means, such as Learning Manager course invitations and degree enrolment APIs.
- All learners on the FutureLearn platform are able to sign in with their email address and FutureLearn password, even if they originally created their account through SAML single sign-on. This means that they can continue to access their FutureLearn account after they've left your organisation.
- There is no requirement for learners to use their work or university email address for their FutureLearn account. This means that learners can use a single FutureLearn account for all their learning and link it to more than one work or university account if they wish.
Setting up SAML 2.0 single sign-on
- Consult with your organisation's IT department to confirm whether your systems support SAML 2.0.
- Contact your Partnership Manager to sign a small addition to your existing contract which includes details of how learner data is stored and shared.
- We perform due diligence checks to ensure the system is secure. This includes making sure that processes are in place to keep servers up to date, and to prevent unauthorised access to learners' data. We'll also check that the complete single sign-on flow is protected by SSL.
- Our technical team will need the following information:
  - The metadata XML or a secure (HTTPS) URL to the metadata for your SAML 2.0 identity provider.
  - The name of the attribute in the SAML assertions from the identity provider we'll use to uniquely identify each learner.
    - It's important that the chosen identifier is persistent (doesn't change between sessions) and not reassignable (it'll never be used for a different user).
    - By default our service provider will use the NameID (which is often an email address) but a common alternative is the eduPersonPrincipalName.
  - The domain name for the organisation. This is the domain name your users will need to enter if they wish to sign in using the 'Sign in with your organisation' button on the FutureLearn sign-in page.
  - If possible, the username and password for a test account.
In return, we'll provide you with the URL for the FutureLearn service provider metadata, which your IT team will require to register FutureLearn as a service provider with your identity provider or federation.
- Our team will use this information to configure our platform.
- We'll help you troubleshoot any issues that may arise.
For organisations with documented policies and procedures this process usually takes a couple of weeks.
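Before telling the technical team which identifier to use, your IT team can check what the identity provider actually releases for the test account. The script below is an added example, not FutureLearn code: it reads a decoded assertion and reports, for the NameID and eduPersonPrincipalName, whether the value looks persistent and not reassignable. It assumes eduPersonPrincipalName is released under its standard OID name, uses a constructed unsigned assertion as sample input, and does not validate signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EPPN_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"  # eduPersonPrincipalName
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# NameID Format -> concern when used as a long-lived learner ID (None = no concern).
NAMEID_CONCERNS = {
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent": None,
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient": "changes between sessions",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress":
        "email addresses can change or be reassigned",
    UNSPECIFIED: "format unspecified; confirm persistence with the IdP owner",
}

# Constructed sample assertion: unsigned, made-up values.
SAMPLE = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      >j.doe@example.ac.uk</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
      <saml:AttributeValue>jd1234@example.ac.uk</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def review_identifiers(assertion_xml):
    """Return {candidate: (value, concern)} for NameID and eduPersonPrincipalName."""
    root = ET.fromstring(assertion_xml)
    found = {}
    name_id = root.find("./saml:Subject/saml:NameID", NS)
    if name_id is not None:
        fmt = name_id.get("Format", UNSPECIFIED)
        concern = NAMEID_CONCERNS.get(fmt, "unrecognised format: " + fmt)
        found["NameID"] = ((name_id.text or "").strip(), concern)
    for attr in root.iterfind("./saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != EPPN_OID:
            continue
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        # Reassignment is an IdP policy question; it cannot be read from the XML.
        concern = ("confirm with the IdP owner that values are never reassigned"
                   if len(values) == 1 else "expected exactly one value")
        found["eduPersonPrincipalName"] = (values[0] if values else "", concern)
    return found

if __name__ == "__main__":
    for name, (value, concern) in review_identifiers(SAMPLE).items():
        print(f"{name}: {value!r} -> {concern or 'no concern from format alone'}")
```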
Creating and managing SAML enrolment links
After your organisation has SAML single sign-on enabled, staff members with learning manager permission can create, view and manage their own SAML enrolment links through Learning Manager.
1. Select view and create links on the Learning Manager home page.
2. Use the 'Create SAML enrolment link' to generate a link for a new course and the 'Deactivate' / 'Activate' links to turn existing links on and off.
Terminology on this page that you aren’t familiar with? Check out our glossary.