Single Sign-On (SSO) simplifies and secures access to the Teach Up platform for course authors, administrators, and participants. This article guides you through configuring and using this feature.
Table of Contents
- What is SSO?
- Benefits of SSO on Teach Up
- Supported protocols
- Setting up SSO
- User experience with SSO login
- The technical process of SSO
- Frequently Asked Questions
What is SSO?
Single Sign-On (SSO) is a centralized identity solution that allows users to log into multiple applications using a single authentication session. On Teach Up, this feature enables course authors to access the Teach Up studio and participants to join their courses with a single click using their work credentials.
Benefits of SSO on Teach Up
- User Convenience: Sign in with one click using internal credentials, without needing to remember multiple logins and passwords.
- Security: Simplifies the implementation of the company’s security policy.
Supported Protocols
Teach Up uses the Keycloak authentication solution, which supports the following protocols:
- OpenID Connect
- SAML 2.0
- OAuth 2.0
Setting up SSO
Two login options are available:
- SSO Only Login: Only SSO can be used for logging in.
- SSO and Login + Password: Both SSO and standard login are available for access.
User Experience with SSO Login
For a Teach Up course author/administrator
- The author/administrator logs in at https://app.teachup.com/login.
- They click the "Login with SSO" button.
- They accept the Terms of Service (only required on the first login).
- Their account is automatically created with their name, surname, and email, granting access to the Teach Up studio.
Note: The author/administrator’s password is never stored or visible on Teach Up.
For a training participant
- The participant clicks on the course link.
- They click the Login with SSO button.
- They accept the Terms of Service (only required on the first login).
- Their account is automatically created with their name, surname, and email, granting access to the course.
Note: The participant’s password is never stored or visible on Teach Up.
For a participant accessing a SCORM-Based course
Participants do not need to log in with SSO. The LMS manages their authentication within Teach Up.
The Technical Process of SSO
- The user attempts to log in on Teach Up.
- An authentication request is generated and redirected to Keycloak.
- Keycloak identifies the SSO client via the URL.
- The user is authenticated.
- An authorization code is sent back to Teach Up.
- Teach Up sends a token request to Keycloak.
- A token is sent to the user, granting access through SSO
Frequently Asked Questions
Does SSO handle User Provisioning/Deprovisioning?
No, Teach Up does not handle user provisioning or deprovisioning. Participant accounts are created when they click on a course link or are pre-assigned. Account deletion remains a manual action for the account administrator.
What data does Teach Up retrieve via SSO?
Teach Up retrieves users’ first names, last names, and email addresses.
Is SSO retroactively compatible?
Yes, existing user accounts in Teach Up will be recognized and merged based on the email address if SSO is implemented later.
What should I do if a user can no longer log in with SSO?
If a user is removed from the client’s SSO, they will no longer be able to log in via SSO. If login with a username and password is also enabled, the user can still log in this way unless their account is manually suspended by an administrator.
Which protocols does Teach Up’s SSO support?
Teach Up supports OpenID Connect, SAML 2.0, and OAuth 2.0 through Keycloak.
Is the user’s password stored on Teach Up?
No, the user’s password is never stored or visible on Teach Up.
How do I enable SSO on Teach Up?
Please contact support@teachup.com for more information.