With class-level SSO authentication, students only need to remember the access credentials for their SSO identity provider. CloudShare does all the background work for matching each user sign on with the relevant class.
Using class-level SSO makes logging in to the training environment simpler, giving the entire training experience a better start. It also offers additional branding opportunities.
Class-level SSO connections are available only when pre-configured for your account. Contact your CloudShare support representative for setup.
A user with the appropriate Role permissions can enable SSO when creating or editing a class:
With class-level SSO enabled, students will receive an invitation link that takes them directly to the chosen SSO provider, where they log in:
After successful login to the organization SSO provider (for example Okta, as shown above), students are taken directly to their CloudShare environment, without the need to enter any additional credentials.
When required, CloudShare will verify that a student is actually registered for the class before sending them to the SSO provider.
Classes that use LTI-based access (LMS integration) will automatically authorize the students based on the LMS authorization.
Before SSO can be configured, a CloudShare System Admin must enable the Is End Users SSO Visible feature flag for the account. For assistance, contact CloudShare Support.
An Account Manager performs Step 1 through Step 3 below to set up and test a SSO platform connector with the desired IdP. Following this setup, a Project Manager can enable and select the relevant SSO connector for the class.
On the General page, click Add Single Sign-On (SSO) Connector near the bottom.
The page will be redirected to CloudShare's SSO platform vendor, displaying all available SSO identity provider (IdP) options.
Select the desired IdP and click Get Started, following that vendor's procedure for configuring the SSO connection.
Test the new SSO connection with your selected vendor:
Only successfully tested SSO connections can be assigned to an account.
When the SSO connection is set up and tested, a Project Manager can confirm to that the Enable Single Sign-On option is enabled in the Settings panel for the desired Project. (This option appears in the Class Setup section of the panel.)
If multiple SSO connections are configured for the account, the Project Manager can choose which connection will be available for each Project.
Following configuration, the SSO connection will be available as an access choice for any class that is created in the enabled Project. For more details, see Enabling SSO for Classes, above.
An Account Manager can edit an existing SSO connection by clicking the Setup icon for the desired SSO connection:
An Account Manager can delete an existing SSO connection, as long as it is not in use by an existing class (either scheduled or running).