OpenID is a popular single sign-on technology that allows access to all company web-resources with the same credentials. In iSpring Market, OpenID Connect protocol works with the Okta identity provider — an authorization server that authenticates users and transmits info about a successful authorization to LMS.

Okta Authorization Server Configuration

  1. Log in to your Okta account and open the Applications section in the top menu. 



  2. In the Applications section, click on the Add Application button.



  3. Now, select Web and click Next.



  4. Then, proceed to configure the application. After you add all the data and select all the necessary options, click the Done button.

  1. Base URIsYour account web address: https://youraccount.ispringmarket.com
    Login redirect URIs

    The web address of the following format: https://youraccount.ispringmarket.com/sso/login/oidc

    Important:

    The SSO technology will work properly for the mobile application if you add a modified Login Redirect URI. You will need to swap the https extension to islearn.

    For example, use islearn://youraccount.ispringmarket.ru/sso/login/oidc instead of https://youraccount.ispringmarket.ru/sso/login/oidc

    Grant type allowedSelect the Refresh Token and Implicit (Hybrid) options.



Then, proceed to edit the application. 

  1. Open the Applications section in the top menu. 



  2. Click on the application name.



  3. Here, open the General tab and copy Client Id and Client secret.


Setting Up iSpring Market

  1. Sign in with your iSpring Market account and put the following link into the browser: https://youraccount.ispringmarket.com/settings/sso/oidc

  2. Check Enable OpenId login for this account. 

  3. Next, fill out the fields of the form and click Save Changes.

    Automatically add new users via OpenIDCheck this option to enable non-registered users to get added to iSpring Market when attempting to login.
    Response TypeThe response type issued by the authorization server.
    Return UrlThe web address of the page where non-authenticated users are redirected to.
    IssuerThe security token issuer. This value can be retrieved on the authorization server — it is the URL of your Okta account.
    Client IdThe client identifier that can be copied on the authorization server. 
    Client SecretThis parameter is used to authenticate the application when it is asking to get access to a user’s account. It’s created on the authorization server. 


Adding Users to iSpring Market

Even if users are not present in the iSpring Market database yet, they will be automatically added to the user list. The only thing that can prevent a new user from adding can be your subscription plan limitation

To create users when signing in with OpenID, we use the following parameters received from the authorization server:

Claim

Profile Field in iSpring Market

preferred_username

Login

email

Email

family_name

Last Name

given_name

First Name

Authorization without Open ID

If you have enabled OpenID in your iSpring Market account and for some reason can't log in using single sign-on, type the following web address: https://youraccount.ispringmarket.com/login?no_sso

Now you will sign in with the account, as usual, using your login and password.