How SSO works

When a learner accesses a Skillsoft Platform link, the platform sends a request to the Identity Provider (IdP) for authentication. That request can be processed in one of the following ways:

  • If the learner exists in the IdP, and has permission to access the platform, then the IdP sends User Details and a Success response back to the platform. The Skillsoft Platform then verifies that the learner in the SAML response has an account.

      • If an account exists, then the platform updates any account information and logs the user in.

      • If the account does not exist, and auto-create is enabled, the platform automatically creates a new account with information from the IdP.

  • If the learner does not exist in the IdP or does not have permission to access the platform, the IdP sends a Failure response back to the platform and the platform denies access.

Similar to the sign-in account creation process, when learners launch a Skillsoft content asset in your LMS, the item opens in the Skillsoft Platform. This is accomplished using single sign-on (SSO). For first-time users, this SSO process creates a new account, enabling the platform to store user activity and manage the user experience.

[Figure: flow chart showing the Percipio user, Percipio, and the corporate SAML identity provider]

Both account creation processes can also be used to determine which Skillsoft content should be licensed to the user, enabling you to deliver purchased content to specific target audiences. Some deployment scenarios may require a more complex user management process that uses configurable user attributes and could be served through other methods, such as an integration with your HR system.

You can identify a user attribute any way you want in the platform and map it to a relevant field from your identity provider. If you want to capture more user attributes than your identity provider offers, you can pair SSO with a data feed from an HRIS system. See Approaches for Creating User Accounts for additional details.
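The sign-in decision flow and the attribute mapping described above can be sketched as follows. This is an added example, not Skillsoft code: the function name, the attribute map, the in-memory account store and the sample response are all constructed, and it assumes that a missing account with auto-create disabled results in denied access, which the page does not state.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Hypothetical mapping: IdP attribute name -> platform user attribute.
ATTRIBUTE_MAP = {"mail": "email", "givenName": "first_name", "dept": "department"}

# Constructed sample response, not real IdP output.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion>
  <saml:Subject><saml:NameID>learner@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
   <saml:Attribute Name="mail"><saml:AttributeValue>learner@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="dept"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="isAdmin"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def process_response(xml_text, accounts, auto_create):
    """Return (decision, account). Assumes the signature, audience and validity
    window were already verified by a SAML library; none of that is done here."""
    root = ET.fromstring(xml_text)
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        return "denied", None                      # IdP sent a Failure response
    name_id = root.find("a:Assertion/a:Subject/a:NameID", NS)
    login = (name_id.text or "").strip() if name_id is not None else ""
    if not login:
        return "denied", None                      # Success without a subject
    details = {}
    for attr in root.iterfind("a:Assertion/a:AttributeStatement/a:Attribute", NS):
        field = ATTRIBUTE_MAP.get(attr.get("Name"))
        value = attr.find("a:AttributeValue", NS)
        if field and value is not None and value.text:
            details[field] = value.text.strip()    # unmapped attributes are dropped
    if login in accounts:
        accounts[login].update(details)            # refresh account information
        return "logged_in", accounts[login]
    if auto_create:
        accounts[login] = details                  # first-time user
        return "created", accounts[login]
    return "denied", None                          # assumption: no auto-create means no access
```

Only attributes named in the map reach the account record, so the constructed isAdmin attribute in the sample is ignored rather than stored.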

SAML Technology in the Skillsoft Platform

| Parameter | Description |
| --- | --- |
| Service Provider (SP) Initiated Login | Service Provider Initiated means the user accesses the platform first and is then redirected back to their IdP to authenticate. This login method is the only one that supports “share links” from LMS deployments. |
| Identity Provider (IdP) Initiated Login | IdP Initiated means the user can be pre-authenticated by your system before being directed to the platform. |
| SAML Signed Authentication Requests | Supports sending signed authentication requests to your identity provider, if required. |
| SAML Encrypted Authentication Requests | Supports sending encrypted authentication requests to your identity provider, if required. |
| SAML Signed Response | Supports signed SAML responses from your identity provider. |
| SAML Encrypted Response | Supports encrypted SAML responses from your identity provider. |

Security certificates

Signing and Encryption certificates – The platform uses a Skillsoft-issued self-signed certificate for all deployments.