Setup LC with ADFS as Identity Provider Set up LC to enable ADFS authentication Add LC as relying party on ADFS server Set up SAML Authentication Mapping
Related Articles
External authentication providers Setup LC with ADFS as Identity Provider

Set up LC to enable ADFS authentication

Last modified on one year ago

LC Admin needs to set up an external course, groups, and customer’s AD FS federation metadata to authenticate the AD users to the system. 

1. Adding the Customer’s federation metadata URL to LC Federated issuer

  • Go to Installation Setup. (System Admin)
  • In the Federated Issuers tab, click Add New to add the Customer’s federation metadata URL.

  • Type the title, and then select ADFS as issuer type.
  • Enter the identifier with the following format: Identifier format [urn:] + [identifier name].  Example: urn:nlctruewarpit
  • Enter the ADFS federation metadata URL. Once finished, click Save

  2. Set up an external course

  • In Course Admin, go to Course Editor.
  • On the Settings tab, enable Is External Course, and then click on the External Course URL Bindings button.

  • On the External Course Settings, click Add New URL. 

  • Select an Impersonated User.
  • Enter the External Course’s URL, and then choose the created Federated Issuer.

3. Set up Domain groups

Domain group will determine if an AD user would become an Admin, a User, or both on a course after it gets authenticated. There are two options for setting this up.

  • Preselected groups - This will be used if you want to set the same security levels for all AD Users.
  • ADFS Groups -  This should be used if you want to set different security levels based on AD Groups. This setup will use AD Groups as a claim, and it will map to corresponding Groups on LC.

3.1 Setup ADFS Group Type

ADFS Group Type would be used to categorize all AD Groups. One AD group should have a corresponding LC Group matched for LC. 

See the example below: 

  • TWIAdmins – for admin roles (Course Admin)
  • TWIUsers - for user toles (User)

3.1.1 Adding Group Types

  • Go to Domain Admin. On the Groups page, click Edit Group Types.
  • Type in the group type name and description. Click Save.

3.1.2 Adding groups to ADFS Group types

Enter all the groups needed. See screenshots below.

  • Go to Wizards and click Create new group.
  • Enter the group title and select the group type TW ADFS Groups. Click Save
 

 

Comments

No comment available