With Single Sign-On (SSO), users can sign in to 2LRN4 using their existing organizational account. This reduces friction for employees, lowers password-related issues, and makes access easier to manage.
Note: SSO always requires coordination with your Identity or IT team. Setup requires information from your Identity Provider (IdP).
Benefits of SSO
- Faster, easier sign-in for employees
- Fewer password resets and support requests
- Central control through your Identity Provider
- Faster offboarding (access ends with the account)
High-level approach
- Determine which Identity Provider you use (e.g., Entra ID/Azure AD, ADFS, or another SAML/OIDC provider).
- Collect the required IdP details (metadata or endpoints, certificates, and identifiers).
- Have support or an admin enable and configure SSO in 2LRN4.
- Test with a small group of users.
- Roll out SSO in phases across the organization.
Security and administration
- Enable MFA on your organizational accounts where possible.
- Restrict admin roles and monitor sign-in attempts.
- Use a test account and a separate test group for changes.
Common considerations
- Which unique identifier is used (e.g., email or immutable ID).
- Which attributes are shared (name, department, role, etc.).
- How account changes are handled (name change, new email, offboarding).
Would you like to set up SSO or are you running into an error? Please contact support. Include which IdP you use and, if possible, share the relevant metadata.