Intellum offers multiple authentication options for your account. You can opt for simple login options (Password, Facebook and Google authentication), as well as SSO configurations (OpenID Connect, OAuth 2.0 and SAML), which provide direct connection between your company portal or internal website.
SIMPLE LOGIN CONFIGURATIONS
This option employs a simple username and password and it is the default login configuration for accounts.
Authenticates an account using Facebook’s login widget. When this option is used, Users will encounter a widget that logs the User in through their Facebook profile.
Authenticates using Google’s login widget. When you use this option, Users will encounter a login widget that logs the User in through their Google profile. Contact your implementation or account manager and they will enable this functionality for your site. You should update the following Settings:
- In Account Settings, select “Require logins to use SSL (HTTPS) connection” for SSL Login.
- If you want to restrict your login to any specific email domains, provide those to your implementation/account manager.
- If you want to enable this authentication only for specific branding organizations on your site, provide those to your implementation/account manager.
Finally, you may define the lookup attribute as either the UID or Email field of the User account.
OAuth 2.0 is an authorization framework that works by delegating User authentication to the service that hosts the User account, authorizing third-party applications to allow the User access to their account through these applications. If you’d like to use OAuth 2.0, provide your account manager with your OAuth 2.0 details, or work with them to put this option into motion.
OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. If you want your Users to access Intellum through OpenID Connect, please contact your implementation or account manager and they will help you enable this for your site.
SAML is an XML standard for exchanging authentication and authorization data between security domains. If you are using SAML for your SSO integration, your implementation or account manager will assist you in the process of “trading metadata,” which ensures that the SAML process works successfully. This is a two-step process:
- The Intellum SP metadata file can be received at the following link: https://YOURSUBDOMAIN*.exceedlms.com/authentication/saml/sp
- Intellum will need either a link to your IdP Metadata endpoint or a text copy of your IdP Metadata XML file. The unique identifier for the employee should be in the NameID element of the SAML response, as per the standard.
Once you’ve posted a response to the staging environment, Intellum will check the logs and test it with our parser to confirm it works well with your configuration. Your implementation or account manager will work with you to coordinate this.
- YOURSUBDOMAIN is the site name created for your organization.