Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Single Sign On (SSO) Set Up Instructions

            Created by Vanessa Tanicien, Modified on Tue, 7 Jan at 8:56 AM by Tom O'Brien

            Would you like users to gain access to the LifeLabs Learning platform by authenticating through Single Sign On?


            Here are our instructions for getting set up with your SSO provider!



            Standard SAML providers

            1. Choose a one-word, all lowercase company name to use throughout the applicable steps below wherever you see the highlighted word ‘company’. For example, ACME Corp could choose either ‘acme’ or ‘acmecorp’. It is recommended that the "company" value be all lower case and no spaces, as it is case sensitive.
            2. Create a new SAML application in your SSO provider portal named “LifeLabs Learning”. 
            3. Update the following settings:
              ACS URL or Sign on URLhttps://lifelabs.us.auth0.com/login/callback?connection=company
              Entity ID or Audienceurn:auth0:lifelabs:company
              NameID Format

              Choose Email Address [if possible].


              It's important that your SSO provider is including email as the primary way of identifying users to LifeLabs Learning.

              No other settings should need to be filled.

            4. Assign users in your organization access to the application to ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
            5. Send the following information to support@lifelabslearning.com:
              1. x.509 certificate
              2. Identity Provider Single Sign-On URL. Alternatively, you can send the downloadable metadata file. 
              3. The one-word company name you chose for your ACS URL and Entity ID.
            6. If an IdP-initiated type flow is desired (e.g., users click on a LifeLabs Learning card located in a central place and are redirected to LifeLabs Learning) please let our team know so that we can configure your SSO to accept IdP requests (carries some inherent security risks). Alternatively, you can create a link-based card or application to avoid IDP-initiated security risks. For this, create a separate link-style card and use https://app.lifelabslearning.com/training?sso=company as the URL of the link. This is the same link users will receive in their notifications from LifeLabs, and it will direct them through an SP-initiated SSO flow to their Learning Dashboard.



            Microsoft Azure AD

            1. Choose a one-word, all lowercase company name to use throughout the applicable steps below wherever you see the highlighted word ‘company’. For example, ACME Corp could choose either ‘acme’ or ‘acmecorp’.
            2. Create a new SAML application in your SSO provider portal named “LifeLabs Learning”
            3. Update the following settings:
              Sign On URLhttps://app.lifelabslearning.com/training?sso=company
              Note: this field is optional, but we recommend you fill it out.
              Reply URL
              (Assertion Consumer Service URL (ACS))              		https://lifelabs.us.auth0.com/login/callback?connection=company
              Entity ID or Audienceurn:auth0:lifelabs:company
              NameID FormatChoose Email Address [if possible].
              It's important that your SSO provider is including email as the primary way of identifying users to LifeLabs Learning.
              No other settings should need to be filled.

            4. Assign users in your organization access to the application to ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
            5. Send the following information to support@lifelabslearning.com:
              1. x.509 certificate
              2. Identity Provider Single Sign-On URL. Alternatively, you can send the downloadable metadata file. 
              3. The one-word company name you chose for your ACS URL and Entity ID.
            6. If an IdP-initiated type flow is desired (e.g., users click on a LifeLabs Learning card located in a central place and are redirected to LifeLabs Learning) please let our team know so that we can configure your SSO to accept IdP requests (carries some inherent security risks). Alternatively, you can create a link-based card or application to avoid IDP-initiated security risks. For this, create a separate link-style card and use https://app.lifelabslearning.com/training?sso=company as the URL of the link. This is the same link users will receive in their notifications from LifeLabs, and it will direct them through an SP-initiated SSO flow to their Learning Dashboard.


            Instructions for Google Workspace

            1. Choose a one-word, all lowercase company name to use throughout the applicable steps below wherever you see the highlighted word ‘company’. For example, ACME Corp could choose either ‘acme’ or ‘acmecorp’.
            2. Navigate to Apps > Web and Mobile Apps. This step must be performed by a Google workspace admin.
              1. Click “Add App” at the top
              2. Choose “Add custom SAML app”. 
            3. Input "LifeLabs Learning” as the app name. Optionally you can include the LifeLabs Learning logo. Click “Continue”.
            4. Click “download metadata” and save it so you can send our team the .xml file to complete setup.
            5. Input the following:
              ACS URLhttps://lifelabs.us.auth0.com/login/callback?connection=company
              Entity IDurn:auth0:lifelabs:company
              Start URL[Leave blank]
            6. Send the following information to support@lifelabslearning.com:
              1. .xml file you downloaded
              2. The one-word company name you chose for your ACS URL + Entity ID.
            7. Assign users in your organization access to the application to ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.



            Instructions for Okta

            1. Choose a one-word, all lowercase company name to use throughout the applicable steps below wherever you see the highlighted word ‘company’. For example, ACME Corp could choose either ‘acme’ or ‘acmecorp’.
            2. Create a new SAML connection in Okta using the following settings:
              Sign on URLhttps://lifelabs.us.auth0.com/login/callback?connection=company 
              "Use this for recipient and destination..."Box checked
              Audienceurn:auth0:lifelabs:company
              The screenshot below illustrates how to configure the remaining settings to correctly map email as the identifier for Auth0.

            3. Send the following information to support@lifelabslearning.com:
              1. x.509 certificate
              2. Identity Provider Single Sign-On URL
              3. The one-word company name you chose for your Sign-On URL
            4. LifeLabs sets up the connection on our side with the information you provided us and associate your domain(s) with your account. Please let us know if you have any additional domains we should be aware of.
            5. You test the connection on your side. After SSO is set up on our end, we'll ask you to test the connection.
            6. Assign users in your organization access to the application to ensure that the relevant users are granted access, as well as any new hires who join your organization post-launch.
            7. If you want learners to have a "chiclet" in Okta that directs them to their LifeLabs Learning training, please let our team know so that we can configure your SSO to accept IdP requests (carries some inherent security risks). Alternatively, you can use a ‘Bookmark app’ to create a URL-based chiclet. In this case, the URL will be https://app.lifelabslearning.com/training?sso=company




            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0