Configuring SAML SSO for TalentLMS

These steps will guide you through setting up the SAML-based single sign-on (SSO) functionality between ADSelfService Plus and TalentLMS.

Prerequisite

1. Log into ADSelfService Plus with administrator credentials.
2. Navigate to Configuration > Self-Service > Password Sync/Single Sign On.
3. Click Add Application.
4. In the window that appears, you will find the list of applications supported by ADSelfService Plus. Choose TalentLMS.
Note: You can also use the search bar in the top-left to search for the application.
5. Click IdP Details in the top-right corner.
6. In the pop-up that appears, click the SSO (SAML) tab, then note the Entity ID, Login URL, Logout URL, and SHA1 FingerPrint values, which will be required to configure SSO in the service provider.

Configuring the Service Provider (TalentLMS)

1. Log in to TalentLMS using administrator credentials.
2. Navigate to ACCOUNT & SETTINGS > Users.

3. Click on Single Sign-On (SSO).

4. From the SSO integration type drop-down, choose SAML 2.0.

5. Enter the values copied in step 6 of Pre-requisites corresponding to Identity Provider, Certificate fingerprint, Remote sign-in URL and Remote sign-out URL.
• Identity Provider: Entity ID
• Certificate fingerprint: SHA1 FingerPrint
• Remote sign-in URL: Login URL
• Remote sign-out URL: Logout URL
6. Also, enter the Targeted ID, First name, Last name, and Email using the below mentioned values.
• Targeted ID: tid
• First name: first_name
• Last name: last_name
• Email: email
7. Click Save and check your configuration.

8. From the SSO login screen drop-down, choose Login page + IdP login link.
9. Then, click Save.

Configuring ADSelfService Plus

1. Switch back to the ADSelfService Plus console.

2. Enter the Application Name and Description.
3. Enter the Domain Name of your TalentLMS account. For example, if you use johndoe@thinktodaytech.com to log in to TalentLMS, then thinktodaytech.com is the domain name.
4. In the Assign Policies field, select the policies for which SSO need to be enabled.
Note: ADSelfService Plus allows you to create OU and group-based policies for your AD domains. To create a policy, go to Configuration > Self-Service > Policy Configuration > Add New Policy.
5. Under the SSO tab, select Enable Single Sign-On.
6. Choose SAML from the Select Method drop-down.
7. Enter the name of the Sub Domain. For example, if your portal URL is https://self-service.talentlms.com, enter the value self-service as sub-domain.
8. In the Name ID Format field, choose the format for the user login attribute value specific to the application.
Note: Use Unspecified as the default option if you are unsure about the format of the login attribute value used by the application.
9. Click Add Application.

Your users should now be able to sign in to TalentLMS through ADSelfService Plus.