Learn Basic Single Sign-On Authentication

Taleo's Basic SSO application grants Learn access to users without requiring that they enter authentication login credentials (username and password). The access point is determined by the client and the SSO URL is made available to the users. Once the client performs authentication, the user is navigated to the Learn system using a simple HTML form post that contains their user ID. If Taleo's standard MD5 hash security feature will be implemented, encryption token parameters must also be included in the form post. The user authentication process varies from client to client depending on internal resource capabilities, and client processes and procedures.

Single Sign-on contributes to an enhanced end user experience and offers multiple advantages to the client that includes but is not limited to:

- Reduced cost associated with managing employee identities
- Centralized authentication services
- Elimination of additional logins
- Minimized maintenance across servers
- Reduced overhead costs
- Reduced call volume (inquiries related to login credentials)
- Lowered enterprise help desk costs

The Learn Basic SSO application is defined below. Taleo will provide each client with a basic SSO guide, a sample HTML form post and sample MD5 hash encryption code. The basic SSO application dynamically authenticates user accounts for active users in the root or in one specific sub LearnCenter; this is a default SSO configuration that is defined by the client up front. User authentication in a specific sub requires query string parameters in order for the SSO application to perform deep linking.
Elements Managed by the Client:

- Required Learn configurations. This includes the addition of all active users that will be accessing Learn via the basic SSO.
- The initial launch point: Making the SSO available to the user such as placing a link on an intranet or internet page and providing the user with the SSO access point details.
- The authentication environment: Authenticating and approving the user within the client network and assigning a unique ID that the Learn SSO application will recognize.
- Optional: Provide the MD5 hash encryption token.

Basic SSO HTML Parameters: The SSO application includes predefined parameters to process the user and grant them access; this includes a unique user ID and the MD5 hash token values. The application minimum requirement is the User ID that is sent in the Username field in the form post. The encrypted MD5 hash token values are optional depending on the security requirements.

Client Process/SSO Launch Point: The client will configure the SSO URL and place the link on an internet or intranet page. The client URL should be configured to gather the necessary user credentials and perform authentication, generate the encrypted token and the HTML form post then forward the HTML form post to the Learn custom handling page. The process will also include the addition of query string values to perform deep linking as necessary (the Learn ID or page as defined).

Basic SSO Process: A Taleo custom handling page reads the HTML form post for each user. If the MD5 hash security feature is part of the application the first step in the process is the validation of the form post. Once this security step is complete, the application then attempts to locate the user based on their unique ID. When the user is identified in the Learn database, they will be directed to the default landing page in the root (or a pre-defined sub LearnCenter) and granted access. User rules that you configure in Learn as part of the user profile determine the content that is accessible and will not be affected by the basic SSO.
Deep Linking: The basic SSO application has the ability to navigate users to a Sub LearnCenter or a specific page using query string parameters sent by the client with the HTML form post. This is referred to as deep linking. The optional variable values that can be sent with the HTML form post include:
- The Page and / or Learn ID: Page=<variable> or LCID=<variable>

The SSO application will validate the user, grant access to users that are in an approved status, and direct the user to the LearnCenter and / or page based on the query string values. If the user is passed to Learn without the Page and / or LCID values the application will navigate them to the default landing page in the system root.

Basic SSO Authorization: The SSO application grants user access according to the following authorization processes and criteria:

- Security: If required, the encryption token that is sent with the HTML form post is validated. If the application is unable to perform this level of validation, the user will not be granted access.
- User Access: The unique ID sent in the username field with the SSO request must match user values located in the Learn database (note: the SSO username is not necessarily the same as the username within Learn. For example, Email address may be the only common user attribute in the client's network. In this scenario, the Email address is added to the username parameter of the HTML form post).
- User Status: All users are granted access regardless of their status in Learn. Standard Learn functionality will prevent users from accessing any features in Learn once they've been granted access, and a standard access denied message will be presented.
- Messaging: The basic SSO application uses standard messages that are available for the client to configure and customize in Learn.

The application process flow diagram demonstrates the basic SSO application description.
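The authorization sequence described above, sketched as an added example that is not Taleo's sample code. The page names only the Username field and the Page and LCID query values; the Timestamp and Token field names, the token layout (MD5 of username + timestamp + shared key), the five-minute lifetime and the alphanumeric rule for deep-link values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SHARED_KEY = "constructed-shared-key"   # assumption: secret agreed with the client
MAX_AGE_SECONDS = 300                   # assumption: how long a token stays valid
KNOWN_USERS = {"jdoe@example.com"}      # constructed stand-in for the user lookup


def make_token(username, timestamp, key=SHARED_KEY):
    """Client side: MD5 over username + timestamp + shared key (assumed layout)."""
    return hashlib.md5(f"{username}{timestamp}{key}".encode()).hexdigest()


def handle_sso_post(form, query, now=None):
    """Handling page: validate the post, locate the user, resolve the deep link."""
    now = time.time() if now is None else now
    username = form.get("Username", "")
    stamp = form.get("Timestamp", "")   # hypothetical field name
    token = form.get("Token", "")       # hypothetical field name

    # 1. Security: a post that fails token validation is never granted access.
    if not (stamp.isascii() and stamp.isdigit()):
        return ("denied", "bad timestamp")
    if abs(now - int(stamp)) > MAX_AGE_SECONDS:
        return ("denied", "expired token")
    expected = make_token(username, stamp)
    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(expected.encode(), token.lower().encode()):
        return ("denied", "token mismatch")

    # 2. User access: the Username value must match a known user.
    if username not in KNOWN_USERS:
        return ("denied", "unknown user")

    # 3. Deep linking: only LCID and Page are honoured; other parameters are ignored.
    target = {}
    for name in ("LCID", "Page"):
        value = query.get(name)
        if value is not None:
            if not (value.isascii() and value.isalnum()):
                return ("denied", f"bad {name} value")
            target[name] = value
    return ("granted", target or "root default landing page")
```

Binding the username into the token means a post whose Username was altered after the client generated it fails step 1 before any user lookup happens.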
Excludes: The following items are not included with the basic Single Sign-on application:

- Managing users in Multiple LearnCenters (other than redirecting users with query string parameters using a sub Learn ID. Users must have appropriate memberships in each sub or standard Learn functionality will prevent them from accessing training or any other Learn features).
- Additional parameters in the form post (other than the Username and MD5 hash token values)
- Additional client specific security layers (MD5 hash is standard for the basic SSO application)
- Creating user accounts
- Updating user accounts
- Additional deep linking functionality (LCID and page are the only additional parameters that can be sent in the query string)
- Managing groups or assigning users to groups
- Managing Supervisors or assigning Supervisors to users
- Managing or Assigning Job Profiles
- Managing or assigning Development Plans
- Managing or assigning Assessments
- Managing or assigning Enrollments
- Managing or assigning User Roles
- Managing or assigning Skills
- Managing or assigning Certification Tracks
- Processing ecommerce data
- User License Management
- Multiple error message definition and handling (the client will configure messages using standard Learn functionality)
- Encrypting data transport
- Client data clean-up
- Test data creation
- Advanced testing (beyond what is defined below)

-----------------------------------------------------------------------------------------------------------------------------------------

Integration Services will include the following phases and deliverables:

Approval Phase

- Review of the basic SSO application
- Approval of the Learn Basic SSO Guide
Service Delivery Phase

Unit Testing (Provider)

- Up to five (5) test runs of the application against a copy of the Customer database.
- Documentation of changes made to the application before each test run.
- Spot checking records against the testing parameters defined in the Basic SSO Guide.

Quality Assurance User Testing Phase

- Testing of Integration in a distinct User Testing (UT) environment that is a copy of Customer's Production environment.
- Testing environment (distinct URL) to be available to the Customer for up to 30 days from the day the integration is first run in the UT environment.
- Developer testing will consist of a random sampling of Customer data for verification.
- Customer User Test script creation and execution are the sole responsibility of the Customer.
- Refinement of the SSO to ensure requirements captured in the SSO guide are being met. New requirements introduced during this phase will be considered enhancements and will be charged on a time and materials basis at a rate of $210 per hour.
- A maximum of five iterations of running the integration script in test environment. This translates to the initial test and a maximum of two (5) refreshes of the test environment with the LearnCenter database from the Production environment to support Customer-side User Testing.
- Customer sign-off on Testing Phase.
- After 30 days the project will be closed and any additional use of the UAT site will be at an additional cost, unless there are ongoing Learn.com Development Deliverables. At such time, all fees shall be due and payable under this Statement of Work.

Migration Phase

- Migration and scheduling of Integration in Production LearnCenter environment.
- Customer sign-off on project completion.