LearnDash Single Sign-On (SSO) | LearnDash WordPress SSO

LMS or Learning Management System is an e-learning technology that enables institutions or organizations to spread their courses virtually across the globe without the physical effort required in classrooms. It also allows the user to configure their content suited for their clients.
WordPress + LearnDash is one such powerful combination that enables institutions/organizations to create their own online courses and extend this functionality with the wide range of plugins WordPress provides. Using LearnDash they can modify the layout of their courses, make them more user-friendly and further subcategorize them and divide them into lessons and topics. It also helps them keep track of the progress of their clients/students /employees. The plugin itself has a variety of options, and the institution/organization also has the ability to add functionality using free and paid LearnDash add-ons.

Why Single Sign-On in LearnDash?

Addressing the requirement of limited access of the LearnDash site to students or complete inaccessibility to outsiders, the organization can set up SSO for their users using their organization ids. This would eliminate the infiltration of outsiders as well as save users the time of the lengthy signing up process and an additional set of credentials.
Let’s consider an example where we have a WordPress site in which LearnDash is installed to make/build courses and Woocommerce is installed to sell courses. We can see how SSO helps in limiting access to students and steer clear of outside intrusion.

As shown in the image above:

• When a student tries to buy a course from a WooCommerce site, they are redirected to the Identity Provider login page for login.
• Upon login, the student’s attributes and group information is fetched from the Identity Provider and mapped to the user in WordPress.
• Once the student information is mapped, he/she can complete the purchase from the checkout page and then access the course purchased.

In such a case, if a student tries to access a course without logging in, he/she is redirected to the IDP login page for authentication first. As the student progresses a course, course progress can be tracked and on the basis of study domain (group), they can receive updates and notifications of various other courses.

miniOrange provides SSO for LearnDash so that you can design your own courses in accordance with your requirements and provide your users with the facility of Single Sign-On to save them the tedious task of signing up and remembering new credentials.
With miniOrange as an SSO provider, your users will be able to use their personal or organization credentials (as designed by the course provider) to access the courses and track their record.
Once the user logs into LearnDash using IDP, they can save their credentials which will enable them to automatically log into LearnDash via the Identity Provider.

Why is miniOrange a great choice for LearnDash SSO?

miniOrange solutions provide varied features along with Single Sign-On which makes a plethora of LearnDash use cases possible. Some of them are listed below:

  Secure Shared Login

• Single set of credentials: Users can log in using their IDP credentials rather than creating a separate account for LearnDash.
• Shared Session: If a user already is logged in and has a session at IDP, he/she can automatically be authenticated and logged in the LearnDash site. Users can also terminate their LearnDash session as well as their Identity Provider session from a single click at LearnDash site.

  Profile attributes synchronization

• Profile Update: Users can edit their profile information in LearnDash and this information can be updated in the IDP for maintaining consistency.
• Tracking User Progress: User details on LearnDash site like enrolled courses, awarded points, certificates and quiz grades can be synced to the Identity Provider. This would help in maintaining users into groups at IDP based on their progress.

  Role-based access to resources

• Domain/University specific courses: Courses can be assigned/shown to users on the basis of the domain they study in.
• Admin access to Course Creators: Access to admin dashboard can be given to different types of users based on the groups in IDP or their role in WordPress.
• Membership Level Content: Content on the LearnDash site can be restricted to users on the basis of their membership level/payment plan.

  Multiple IDPs Support

• User login from multiple Identity Providers: Login using multiple IDP can be enabled on the LearnDash site. Users can be redirected to login with their IDP based on the domain of their email.
• Federated Single Sign On (SSO): Users have the ability to choose their university during LearnDash login and authenticate using their university credentials to access university specific courses.

  Multisite Support

• Access to specific LearnDash content: Access to content can be provided to users based on any attribute received from the IDP like the training they have enrolled for, university they belong to, etc.
• Domain based-login to LearnDash subsites: Allow users to login to only specific LearnDash subsite based on their email domain/university.

Prerequisite: Download and Installation

To setup Single Sign-On on your LearnDash site, you will need to install the miniOrange WP SAML SP SSO plugin:

• Log into your WordPress (WP) instance as an Admin.
• Go to the WordPress Dashboard → Plugins and click on Add New.
• Search for WordPress Single Sign-On (SSO) plugin and click on Install Now.
• Once installed click on Activate.

Configure WordPress SAML SSO Plugin for LearnDash SSO

To setup SSO into your LearnDash, you will need to setup the WP SAML SP SSO 2.0 Plugin with your Identity Provider (IDP). You can find step-by-step guides to setup the SSO with your IDP from here.

miniOrange supports SSO setup with all major SAML compliant IDPs like AzureAD, Okta, AzureB2C, ADFS, Salesforce, GoogleApps and so on.
If you have an IDP that is not mentioned in the list, contact us and we can help you setup SSO with your custom SAML IDP as well. For any assistance in configuring SSO contact us at samlsupport@xecurify.com.

How to initiate SSO from the LearnDash site?

1. Auto-Redirection from LearnDash site: If a login session is not found on LearnDash, the users are redirected to the IDP login page when they try to access any page/post on your site. This feature ensures that only authenticated users are able to access your LearnDash Site.
   

   Note: The Forced Authentication option forces the user to authenticate themselves each time they try to login into the LearnDash site, i.e., with every login attempt the user is forced to provide credentials on the IDP site, before accessing LearnDash.



2. Auto-Redirection from WordPress Login: This is an extension of Auto-Redirection from LearnDash site feature that redirects users to the IDP login page when they try to access any LearnDash site admin page i.e. wp-admin or wp-login.php.
   

   Note: This feature also has the additional functionality of backdoor access to your LearnDash site through your WordPress login in case you are locked out of your IDP.



3. Login button: This can be used to create a login button on the LearnDash site’s default WP Login Page. The users can click on the button to authenticate themselves into LearnDash via their IDP credentials. The button can be used as a shortcode/widget and aesthetics can be customized to match the theme of the site.
   This also provides you the ability to redirect all your users to WP login page when any page/post of your LearnDash site is accessed.


4. SSO links: This allows you to add a widget, shortcode, or link, anywhere (any page/post or header/footer) on your site for users to login to your LearnDash site using IDP credentials.

The plugin also supports IDP initiated SSO which would allow the users to automatically login to your LearnDash site by clicking on the application from your Identity Provider dashboard.

SAML Single Sign-On Addons

Once SSO is setup, you can checkout the following addons that can help you customize your LearnDash site and extend its functionality -

• LearnDash Integrator- LearnDash Integrator allows the mapping of user data into the LearnDash group via SSO, based on the attributes of the user received by the IDP. These roles can then be used to extend the site functionality further.
  
• Page Restriction- Page and post Restriction allows you to make only some part of your LearnDash site private i.e. some content of the LearnDash site can be accessed by only the users who have been authenticated by your IDP. Non-logged in users can be redirected to your IDP for authentication. It also provides content restriction based on the roles of users in LearnDash.
• Media Restriction- Media Restriction allows protection of any form of media, by restricting file access to only authorized users on your LearnDash site. Once the user is logged into LearnDash, media can be restricted based on the user's LearnDash roles as well.

Additional Resources

• What is Single Sign-On (SSO)?
• What is SAML?
• What is LearnDash?
• Zoom LearnDash SSO Use Case
• Map LearnDash user groups
• Frequently Asked Questions (FAQs)