How to decide between SSO and API
Still unsure if you should implement an API or SSO? These three questions will help you to decide if you should go with either, both, or neither types of integration.
Question 1: Do you need users to access your LMS without logging in?
If Yes, then you need SSO. Once you implement SSO, users will only need one set of credentials to access all applications. If you decide to use SSO in this context, you could include an “Access my Learning” button on your website or intranet. Once users click the button, they will be transported into the LMS to launch and complete their training, without needing to log in again.
If No, then you do not need SSO. You may still need an API, depending on your answers to the two questions below.
Question 2: Do you need users from a separate system to be created in your LMS?
If Yes, – Before we dive deeper into the API itself let’s consider a follow-up question: Did you need to implement SSO already? This question is worth considering because some systems, support simplified user synchronisations when implementing SSO. That means that SSO will not only seamlessly log users into the LMS, it can also provide additional settings that allow you to create or update users on the fly as well. That’s helpful because it means you might not even need to implement an API in order to sync users.
There are many varieties of SSO but one is SAML SSO. The SAML SSO module allows you to create or update users on the fly and automatically assign them to groups, increasing the types of automation
you can use to manage your user list. Before you jump into API, it’s worth asking your LMS vendor, or preferred third-party app, if they offer any type of user synchronisation as part of their SSO modules.
If No, then you don’t need to use an API with SSO. You might still find an API useful for reasons discussed in our third question below.
Question 3: Do you need to push data into or pull data from your LMS?
Yes, you do! You may need, for example, to export enrolment statuses, training history, or other types of data. You might also need to manage your user group memberships or user lists in other applications. Most LMS applications include reporting features that meet many of these needs.
In Improve, for example, we offer automated report scheduling, so you don’t need to remember to run reports. They’re emailed directly to your inbox when you need them. However, in some cases that level of functionality doesn’t quite cut it. You may still need to pull extra data and push it to external applications for further crunching.
Perhaps you would like to pull lists of users and groups and send the data to a managerial meeting to inform team restructuring. The list of potential uses really is endless. The question about whether to implement an API is all about automation. The most important point is that implementing an API enables you to access data in an automated way. Thus, avoiding the need for admins to log in, search, and report on data manually.
SSO can synchronise data
Systems can support simplified user synchronisations when implementing SSO. This means that SSO will not only seamlessly log users into the LMS, it can also provide additional settings that allow the system to create or update users on the fly, which can be a huge time saver as your user base grows!
SSO options
SAML
Security Assertion Markup Language or SAML is a mechanism for asserting that a user is who they say they are before granting them access to a particular application or resource. SAML can:
- Create new users and update existing users in the application.
- Sync your users with group memberships (linked to enrolment).
- Redirect users to a specific website page when an SSO request is rejected or when the user logs out.
Active Directory
If you’re using Active Directory, it can be turned into a SAML provider with a plugin called Active Directory Federation Services. This will use SAML as the SSO mechanism.
Signed Query String SSO
SQSSO is a lightweight Single Sign-On mechanism. It is used to silently log users into the LMS. Being lightweight doesn’t mean it’s less secure. Only that it’s a lot easier to implement than heavier set SSO modules such as SAML.
OKTA
You can integrate OKTA with your LMS to allows your OKTA users to access your portal easily through SSO.
Azure
Integrating your LMS with Azure AD provides you with the following benefits:
- You can control in Azure AD who has access to your LMS.
- You can enable your users to automatically get signed-on (Single Sign-On) with their Azure AD accounts.
- You can manage your accounts in one central location - the Azure portal.
G Suite
You can integrate your G Suite to allow your G Suite users to access your portal easily through SSO. You can
- Control in G Suite who has access.
- Allow your learners to launch your LMS from their G Suite.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article