Users- How to set up Single-Sign-On

If you want to make it possible for your users to access content in Litmos without having to log in directly via your Litmos login page, then you can achieve this by using the Litmos API.

In order to make it happen you will have to follow these steps:

  1. Make a GET request to the Litmos API for a given user
  2. Redirect the users browser to the url provided in LoginKey field of response from step 1.

Note:

  • The LoginKey changes everytime it is used so don’t store it anywhere. You need to make a fresh request for every login.
  • If you create the user via the API and you dont want them to set their own password ever you need to added the<SkipFirstLogin>true</SkipFirstLogin> item to your create user request.

 

How to get a unique Litmos user id

Every user in Litmos has a unique id that will not change regardless of whether or not they change their email address which is what they usually login using.

To make life easier we suggest that you store the unique user id in your own system so that you dont have to first GET the user id before each call.

To get all of the users in your account you can make a call to GET /users which will provide a list of users including their id’s.

eg.

GET https://api.litmos.com/v1.svc/users?apikey=YOUR_API_KEY&source=sampleapp

<Users> 
   <User> 
   <Id>abc12345678</Id>  
   <UserName>rich_demo@litmos.com</UserName>  
   <FirstName>Rich</FirstName>  
   <LastName>Chetwynd</LastName>  
   </User>  
   <User>  
   <Id>81818ajsajh</Id>  
   <UserName> dan_demo@litmos.com</UserName>  
   <FirstName> Dan</FirstName>  
   <LastName> Allen</LastName>  
   </User>  
</Users>

If you want to get back one specific user then use the search variable in your querystring.

eg.

GET https://api.litmos.com/v1.svc/users?apikey=YOUR_API_KEY&source=sampleapp&search=rich@litmos.com

<Users> 
   <User>  
   <Id>abc12345678</Id>  
   <UserName>rich_demo@litmos.com</UserName>  
   <FirstName>Rich</FirstName>  
   <LastName>Chetwynd</LastName>  
   </User>  
</Users>

How to get a users LoginKey

Once you have the user id that you want to sign on you need to make a GET request to /users/{user-id} or /users/{username} which will return information about the user. Included in this is a LoginKey which you can use to redirect the users browser to. 

eg.

GET https://api.litmos.com/v1.svc/users/abc12345678?apikey=YOUR_API_KEY&source=sampleapp

<User> 
   <Id>abc12345678</Id>   
   <UserName>rich_demo@litmos.com</UserName>  
   <FirstName>Rich</FirstName>  
   <LastName>Chetwynd</LastName>  
   .....  
   <LoginKey>https://demo.litmos.com/login.aspx?loginkey=xxxzzzyyy777222</LoginKey>  
</User>

Removing the logout button

To hide the standard title bar you can append the querystring parameter &titlebar=false to the LoginKey  i.e https://demo.litmos.com/login.aspx?loginkey=xxxzzzyyy777222&titlebar=false

Log straight into a course index/landing page

You can do a single sign on and then redirect the learner straight to a course's index/landing page rather than just to the generic learner home page. To do this you need to append a querystring key named “c” to the SSO login url. The value for “c” will be an OriginalId for the course.

You can find the OriginalId for a course by making a call to GET /courses.

eg. https://demo.litmos.com/login.aspx?loginkey=xxxzzzyyy777222&titlebar=false&c=12344556

Single Sign on through SAML

Single sign on through SAML uses SAML 2.0 protocol and currently is only IdP initiated, meaning all SAML requests must come from a website outside of Litmos.  See the article(s)on using Litmos with Okta and OneLogin for more information.

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.