This article is relevant for users on the Extend and Enterprise plans.
SAML (Security Assertion Markup Language) is an XML-based standard that enables secure communication of identities between companies, employers, or other agencies. When an Identity Provider (such as an employer) and a Service Provider (such as Coassemble) both implement SAML, accredited users associated with the Identity Provider can be seamlessly authenticated to use the Service Provider.
Active Directory has a SAML-based authentication system and is already used by many businesses and other enterprises. This article explains how to integrate authentication systems like these with Coassemble.
The SAML Authentication feature is configured in Coassemble via the Campus Settings page, on the Integrations tab, in the Advanced group.
The following parameters are required:
Identity Provider Metadata URL:
- this is the URL that describes the SAML service used on your network; consult your IT/Network Administrator or contact Coassemble Customer Success for more details.
- e.g. https://my.active.directory.domain/FederationMetadata/2007-06/FederationMetadata.xml
- this can be derived from the above metadata, or specified separately as an override
Press the Test button to attempt a connection to the service. A notification will appear showing whether the test succeeds.
If the test does not succeed, consult your IT/Network Administrator or contact Coassemble Customer Success for more details.
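As an added example (not Coassemble's code), this Python function reads the values that can be derived from an Identity Provider metadata document: the entity ID, the sign-on endpoints and the signing certificate, reported as a SHA-256 fingerprint. The sample XML, host names and function name are constructed for illustration, and the certificate body is placeholder bytes rather than a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample, shaped like IdP federation metadata. The certificate
# body is placeholder bytes, and the HTTP-POST endpoint is deliberately non-HTTPS.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" xmlns:ds="{DS}"
    entityID="http://my.active.directory.domain/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://my.active.directory.domain/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://my.active.directory.domain/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def inspect_idp_metadata(xml_text):
    """Summarise an IdP metadata document and list problems worth raising."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    endpoints = [(e.get("Binding").rsplit(":", 1)[-1], e.get("Location"))
                 for e in idp.findall(f"{{{MD}}}SingleSignOnService")]
    fingerprints = []
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor without a "use" attribute applies to signing as well.
        if kd.get("use") in (None, "signing"):
            for cert in kd.iter(f"{{{DS}}}X509Certificate"):
                der = base64.b64decode("".join(cert.text.split()))
                fingerprints.append(hashlib.sha256(der).hexdigest())
    problems = [f"{binding} endpoint is not HTTPS: {loc}"
                for binding, loc in endpoints if urlparse(loc).scheme != "https"]
    if not fingerprints:
        problems.append("no signing certificate published")
    return {"entity_id": root.get("entityID"), "sso_endpoints": endpoints,
            "signing_cert_sha256": fingerprints, "problems": problems}
```

Run it on the document saved from your Identity Provider Metadata URL and compare the fingerprint with the one your IT/Network Administrator reads from the Identity Provider itself.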
Service Provider Configuration
The Service Provider Metadata for your workspace can be found at:
(where yourworkspace is specified as the correct name for your Coassemble workspace)
This URL should be specified in the Service Provider Configuration for your server.
If needed, the following URLs are also available to specify for your Identity Provider:
Identifier (Entity ID): https://yourworkspace.coassemble.com/saml/metadata
Reply URL (Assertion Consumer Service URL): https://yourworkspace.coassemble.com/saml/acs
A note on linking user accounts to content
When using the SAML Integration, it's important to set up your Learners and link them to content before they access the sign-in page. This is to ensure that the Coassemble User Account exists before the user tries to sign in via SSO.
It's also important to note that the SAML account and the Coassemble account are linked by matching the email address of the two accounts: the SAML Unique Identifier should be the account email address and this must be the same email address used to create the Coassemble account.
Authenticating with Coassemble via SAML
The authentication system is then used as shown in the following steps:
- User logs in to their workstation via standard network authentication
- Authenticated network user visits their Coassemble Campus URL, e.g. https://yourcampus.coassemble.com
- User sees a (new) button labelled with the SSO domain, e.g. mysaml.local
Press the SSO sign-in button (highlighted in the example above) to log in using current network credentials.
From here, the standard process is followed.
Course creation / enrolment
Coassemble Campus Administrators / Facilitators and Teachers can:
- organise Coassemble Users into Groups
- create content comprising Coassemble Courses and Modules
- associate Coassemble User Group/s with Course/s as desired
Note: Account maintenance
When a SAML-authenticated account is used, the User profile is not maintained by Coassemble. The details pertaining to the user account, e.g. the password, are maintained as part of the standard operating environment, depending on your network. Consult your IT/Network Administrator for more details.