How do I configure Single Sign-On with G-Suite?

LearnPlatform integrates with any Identity Provider that implements Single Sign-On (SSO) with SAML 2.0. This guide outlines how to set up SSO with G-Suite.

Prerequisites include:

  • Organization Administrator access to your organization’s LearnPlatform account
  • GSuite Domain Administrator access through your organization
  • Your organization’s LearnPlatform subdomain: This must be listed in your setting configurations

Note: Once enabled, our system does not notify your staff that they have access to LearnPlatform.

Open Single Sign-On Page

Open Single Sign-On Page

Sign in to your LearnPlatform administrator account. Click the Settings link [1] and then click the Single Sign-On tile [2].

Enable Single Sign-On

Enable Single Sign-On

Click the Single Single-On Type drop down menu [1], and select the SAML 2.0 option [2].

Copy Callback URLs

Copy Callback URLs

Click the Use organization domain for callback urls toggle on [2], and then copy the following URLs:

  • AssertionConsumerService (ACS) URL/callback url [2]: Your ACS URL in your Service Provider Details for the LearnPlatform app is https://[YourSubDomain].app.learnplatform.com/users/auth/saml/callback/
  • Entity ID/Metadata URL [3]: Your Entity ID/Metadata url in your Service Provider Details for the LearnPlatform app is https://[YourSubDomain].app.learnplatform.com/users/auth/saml/metadata/

Configure G-Suite

Configure GSuite

In a separate window or tab, sign in to your G-Suite administrator dashboard (e.g., admin.google.com). Then click the Apps tile.

Open Apps

Open Apps

In the Apps page, click the Web and mobile apps tile.

Add App

Add App

In the Add App drop-down menu [1], click the Add Custom SAML app link [2].

Add App Details

App Details

In the App details window, enter LearnPlatform in the App name field [1].

Download the default image, and then upload the image as the App icon [2].

To save the details, click the Continue button [3].

Configure SSO

Configure SSO

Copy the below details and then paste it into the associated field in the LearnPlatform's SSO setup page.

  • SSO URL [1]: Identity Provider Redirect URL in LearnPlatform
  • Entity ID [2]: Identity Provider Logout URL in LearnPlatform
  • Certificate [3]

Click the Continue button [4].

Note: In the Certificate field, make sure to not include extra spaces or change the formatting of the certificate. You can use Notepad or a similar app to remove formatting.

Add Service Provider Details

Add Service Provider Details

In the Google Admin Console, enter the callback URLs in the following fields:

  • ACS URL [1]: This is the first callback URL ending in “/callback/”  in LearnPlatform
  • Entity ID [2]: This is the second callback url ending in “/metadata/” in LearnPlatform 

Note: Make sure you capture the backward slash (/) at the end of each of these Entity ID and ACS URL and avoid any spaces. If the URLs are not identical, your setup may not work properly.

Add Mappings

Add Mappings

Click the Add Mapping button.

Add Attributes

Add Attributes

To add mappings in the Google Admin Console, enter the following attribute mapping fields (no spaces and appropriate capitalization):

  1. Select the Primary email Google Directory attribute on the left. Enter email as its App Attribute.
  2. Select the First name Google Directory attribute on the left. Enter FirstName as its App Attribute.
  3. Select the Last name Google Directory attribute on the left. Enter LastName as its App Attribute.

Once you completed the mapping, click the Finish button [4].

Set User Access

Set User Access

To change the User Access setting, click the OFF for everyone link.

Turn On User Access

Turn On User Access

Select the ON for everyone radio button [1]. Then click the Save button [2].

Add Attribute Mapping Fields in Learn Platform

LearnPlatform’s SAML setup page

Go back to LearnPlatform’s SAML setup page and enter the same attribute mapping fields you added in your Google Admin Console. Remember to match both case and exact formatting.

View and Apply SSO in LearnPlatform

View LearnPlatform SSO set up page

View your final LearnPlatform SSO set-up page. Then click the Apply button.

Notes:

  • Bookmark your LearnPlatform Login: [YourSubDomain].app.learnplatform.com/users/sign_in/.
  • You can find your subdomain in Display Appearance settings.
  • The settings may take up to 24 hours to apply to all users.

Troubleshooting

If you have questions or need additional support, please refer to Troubleshooting: Google Single Sign On (SSO) for SAML or email support-lp@instructure.com.