Single Sign-On fulfills the most basic requirement of authentication with a single set of credentials in any business environment, increasing the efficiency in maintaining user data. Let us consider a case where a user would want to integrate Zoom lecture links to their corresponding LearnDash courses in WordPress, and how SSO will solve this use case using the Login using WordPress Users (WP as SAML IDP) plugin.

Scenario

You want to build an LMS system where you can sell courses to students and provide them with seamless access to their corresponding classes once they are logged in and enrolled in a course.

1. An LMS system over a WordPress instance, which uses LearnDash for providing multiple courses of different subjects so that the students can enroll in any course as per their choice of subject and lecturer.

2. Students exist in the WordPress LearnDash site and register for the course on the LearnDash site itself.

3. Each course is associated with a classroom that is provided via a Zoom meeting room. Once registered and enrolled for the courses, the students can access the Zoom classrooms for scheduled lectures from the LMS site itself.

Requirements

1. Zoom Single Sign-On

Once a student logs into the LMS site and registers for a course, they should be able to join the Zoom meeting room simply by clicking on the meeting link provided on the site i.e. they should not be prompted to re-enter their credentials in order to access the Zoom meeting room.

2. Zoom Classroom Access Control

Different Courses are created using Learndash, and each course has its separate Zoom link for lectures. The users should only be able to access the Zoom meeting rooms for the courses they have enrolled for. The users should not be able to access the meeting rooms for the courses they have not enrolled in yet, even if the student gets a meeting link for a course.

Components Involved in LearnDash Zoom SSO integration

• WordPress SAML IdP Plugin: We will use Login Using WordPress Users plugin. This plugin would be activated on the WordPress LearnDash site and would allow WordPress to act as an Identity Provider for user authentication into Zoom.



Login using WordPress Users ( WP as SAML IDP )
By miniOrange
(30)
Login with WordPress users to any application. SAML SSO or WSFED SSO into Tableau, Zoom, Moodle LMS, etc using WP users. [24×7 SUPPORT]
 Tested with 5.8.2
Get this plugin

• miniOrange broker: We will use miniOrange Broker to establish a trust relationship between the Identity Provider (WordPress site) and Service Provider (Zoom). This will help in authenticating user roles and define authorization levels for user groups.

Flow Diagram

Solution

1. Zoom Single Sign-On Solution

• To configure SSO into Zoom, we will use the “Enable Single Sign-On” option provided by Zoom.

• When a user clicks on the Zoom meeting link to access any of the courses that are created using Learndash, Zoom will send a SAML request for authentication to the miniOrange broker.
• The broker will redirect the user for authentication to WordPress login page by forwarding the SAML request to the WordPress site.
• Once the SAML Request is received on WordPress, the WP SAML IDP Plugin would process the SAML Request and the user will be prompted to authenticate on the WordPress login page. After successful user authentication, a SAML Response containing the user attributes will be sent to the miniOrange broker.
• miniOrange broker would relay the SAML Response to Zoom and upon receiving a successful SAML Response, Zoom would log the user in.

2. Zoom Classroom Access Control Solution

• To restrict access for unauthorized users in Zoom, we will use the option “Only authenticated users can join” provided by Zoom. We will also need to create policies in miniOrange broker which defines rules about which users have access to which course.
• When a user clicks on the Zoom meeting link to attend a class, Zoom will send a SAML request for authentication to the miniOrange broker.
• The broker will redirect the user to WordPress and forward the SAML request to the WordPress site.
• The WP SAML IDP Plugin would process the SAML Request and send a SAML response to miniOrange broker which contains the roles of the user.
• The miniOrange broker checks if the user roles in the SAML response are assigned to any of the policies that are created. If yes, the policy is applied to that user and a SAML Response is formed and sent to Zoom accordingly. If not, then a error message is generated and shown to the user.
• If the SAML Response is successful, Zoom logs in the user and provides authorization to the user for accessing the Zoom meeting room of the link.

End-user experience

Login flow for students who are registered on WordPress site and Enrolled for the courses.

• Lets say a user logs into the WordPress site, where he has enrolled for the courses.
• The user is prompted to enter the user credentials on the WordPress site.
• The student clicks on the zoom meeting link for the enrolled courses.
• After successful login students will be redirected to the Zoom meeting room.

Login flow for students who are registered on WordPress site or not Enrolled for the courses.

• Lets say a user trying to access a zoom meeting room of the courses which he has not enrolled for clicks on the link will get an error message.
• Then they are redirected to the Learndash site and prompted again for the course enrollment.
• After successful enrollment the student will be logged into the Zoom meeting room of their respective courses.

Additional Resources

• Single Sign-On with WordPress as SAML IDP
• SSO into Zoom as SP and WordPress as IDP
• miniOrange as Broker
• LearnDash integrator for WordPress
• Frequently Asked Questions (FAQs)