All Collections
Integrations, API, & SSO
SSO
Integrating SAML Authentication with Coassemble
Integrating SAML Authentication with Coassemble

Use existing SAML authentication systems such as Active Directory to identify your Coassemble users.

Lucas avatar
Written by Lucas
Updated over a week ago

Overview

SAML (Security Assertion Markup Language) is an XML-based standard that enables secure communication of identities between companies, employers, or other agencies.  When an Identity Provider such as an employer, and a Service Provider such as Coassemble, both implement SAML, they are able to seamlessly authenticate accredited users associated with the Identity Provider to use the Service Provider.

Active Directory has a SAML-based authentication system and is already used by many businesses and other enterprises.  This article explains how to integrate authentication systems like these with Coassemble. 

Configuration

The SAML Authentication feature is configured in Coassemble via the Integrations page, on the Advanced settings tab.  

The following parameters are required:

Identity Provider Metadata URL: 

User Domain: 

  • this can be derived from the above metadata, or specified separately as an override

Press the Test button to attempt a connection to the service, a notification will appear
showing if the test succeeds.


If the test does not succeed, consult with your IT/Network Administration or contact Coassemble Customer Success for more details.


Note: If your IDP doesn't support SLO you can add lines of SLO code to your metadata and upload the file, this would just mean you wouldn't be able to use SLO.

Service Provider Configuration

The Service Provider Metadata for your workspace can be found at:

https://yourworkspace.coassemble.com/saml/metadata

(where yourworkspace is specified as the correct name for your Coassemble workspace)

This URL should be specified in the Service Provider Configuration for your server.

Also, if needed the following URLs are available to specify for you Identity Provider:

Identifier (Entity ID): https://yourworkspace.coassemble.com/saml/metadata
Reply URL (Assertion Consumer Service URL): https://yourworkspace.coassemble.com/saml/acs

Operation

A note on linking user accounts to content

When using the SAML Integration, it's important to set up your Learners and link them to content before they access the sign-in page.  This is to ensure that the Coassemble User Account exists before the user tries to sign in via SSO.

It's also important to note that the SAML account and the Coassemble account are linked by matching the email address of the two accounts: the SAML Unique Identifier should be the account email address and this must be the same email address used to create the Coassemble account.  

Authenticating with Coassemble via SAML

The authentication system is then used as shown in the following steps:

  1. User logs in to their workstation via standard network authentication

  2. Authenticated network user visits their Coassemble workspace URL eg. https://yourworkspace.coassemble.com.

  3. User sees a (new) button with a label of the SSO domain eg. mysaml.local

Press the SSO sign-in button (highlighted in the example above) to log in using current network credentials.

From here, the standard process is followed.  

Course creation / enrolment

Coassemble Workspace Administrators / Facilitators and Teachers can: 

  • organise Coassemble Users into Groups 

  • create content comprising Coassemble Courses and Modules

  • associate Coassemble User Group/s with Course/s as desired

Note: Account maintenance

When a SAML authenticated account is used, the User profile is not maintained by Coassemble.  The details pertaining to the user account eg. password are maintained as part of the standard operating environment, depending on your network. Consult your IT/Network Administrator for more details.

Did this answer your question?