TalentLMS SAML Single Sign-On (SSO) Integration with Drupal as IdP

Overview

This guide will help you integrate Drupal as a SAML 2.0 Identity Provider (IdP) and TalentLMS as a Service Provider (SP) using the miniOrange SAML IDP module. This integration enables centralized user management and permission control, allowing users to access multiple applications with a single set of credentials. The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.

Installation Steps

Configuration Steps

Drupal SAML IdP Metadata:

• After installing the module on your Drupal site, in the Administration menu → navigate to Configuration → People → miniOrange SAML IDP Configuration. (/admin/config/people/miniorange_saml_idp/idp_setup)

• Under the IDP Metadata tab, click on the Download Metadata button. Open it on the notepad and copy the IdP information. Keep it handy. (This information is required to configure TalentLMS as SAML SP.)

Configure TalentLMS as Service Provider:

• Sign in to your TalentLMS account as Administrator, go to Home > Account & Settings > Users and click Single Sign-On (SSO).

• Enter the following values in resepctive fields:
• SSO integration type: From the drop-down list, select SAML2.0.
• Identity provider ( IdP ): Type the domain of SAML 2.0 identity provider.  
• Certificate fingerprint: Download the Certificate from IDP Metadata as mention in Step 1 and Open it in notepad. Copy and paste the content here.
• Remote sign-in URL: You can find this in IDP Metadata as SAML Login URL as mention in Step 1.
• Remote sign-out URL: You can find this in IDP Metadata as SAML Logout URL as mention in Step 1.
• The remaining fields are used for naming the SAML variables that contain the user data required by TalentLMS and provided by Drupal IdP. Those are optional, and they can be left blank for most SAML IdP deployments. In that case, their default values are applied.

Name	Attribute Mapping values provided from IDP
TargetedID	targetedid
First Name	User.FirstName
Last Name	User.LastName
Email	User.Email

• Group: The names of the groups of which the user is a member. This variable may be assigned a single string value or an array of string values for more than one group name. When there is a group by the same name in your TalentLMS domain, the user is automatically registered in that group at their first log-in. The user is also enrolled in all the courses assigned to that group.

• Click Save and check your configuration. If everything is correct, you’ll get a success message that contains all the values pulled from your IdP.
• Download the Metadata and keep it handy.

Configure Drupal as SAML Identity Provider:

• Navigate to the Drupal site and switch to the Service Provider Setup tab of the miniOrange SAML IDP module and click on the Upload SP metadata to expand it.

• Upload the metadata file downloaded from the TalentLMS.

• Once the configuration is successfully saved you will get a success message. Now, click on the Test link.

You have successfully set up TalentLMS as Service Provider and Drupal as Identity Provider.