Single Sign On (SSO)

Introduction

Infosec Skills can be integrated with your SSO provider to provide seamless learner authentication to the Skills platform. Infosec Skills can connect to any Identity Provider (IdP) that supports the SAML 2.0 standard.

Note: The email address used for the learner in Skills must match the email address in the IdP.

Configure SSO

You will need the URL of your Identity Provider’s metadata endpoint.

1. Go to Teams and select Single Sign-On from the navigation menu.
   

2. Use the information provided in Service Provider (Infosec Skills) Information section to configure your identity provider You can click the button to the right of each field to easily copy the URLs. Use the links below for configuration instructions on some of the common SAML Identity providers.

   • Azure Active Directory (AD)
   • Active Directory Federated Services (ADFS)
   • Google Suite SSO
   • Okta SSO

3. Configure your identity provider to provide a NameID with a unique identifier in the response it provides to Infosec Skills when the user’s identity is requested. For each learner, also include learner attributes including email address, first name, last name, (optional) title, (optional) department. If the learner already has an Infosec Skills account, the learner will be prompted to verify their account and a unique identifier will be associated with the existing email. If the learner does not already have an Infosec Skills account, the learner will be created and added to that Teams account. Note that this must be the email address associated with the learner in Infosec Skills.

4. While configuring your identity service provider you can either use the metadata URL, or the raw XML.

When the “Automatically add my learners” box is left unchecked, a learner would have to be manually uploaded before authenticating with SSO

5. Click Enable. Infosec Skills will not allow you to enable SSO if there are problems with your IDP configuration.

6. You are now set up for either IDP-initiated or SP-initiated SSO. In order to take advantage of deep linking into any webpage in Infosec Skills, add ?sso-account= and your unique single sign on account to the end of any URL. For example, to direct your users to Infosec’s CCNA Learning Path https://app.infosecinstitute.com/portal/skills/path/464, if your unique SSO account was infosec-cs-team as seen below, you would use the URL:
   https://app.infosecinstitute.com/portal/skills/path/464?sso-account=infosec-cs-team
   Note that sso-account is a query parameter, and can be used in combining multiple query parameters for a URL, e.g. ?query-param=value&sso-account=your-account

7. After you enable SSO, new learners will be created automatically in Infosec Skills the first time they authenticate. If you prefer manually uploading learners via CSV or as individual users, uncheck this box and Save.

8. If you experience any authentication issues with SSO, you can click the Download CSV button to review detailed authentication errors to help you troubleshoot.

Need some additional assistance?

If you are experiencing issues with the learner authentication setup please use the “?” in the lower right corner of any Infosec Skills page to submit a support ticket.