Single Sign On (SSO)

SSO works by connecting your Infosec Skills account to any Identity Provider that supports the SAML 2.0 standard. When SSO for Learner Authentication requests the learner’s identity from your identity provider, it checks the unique identifier for that learner against the unique identifier associated with the learner in Infosec Skills.

Configure SP- and IDP-initiated SSO

To begin using SSO, Infosec Skills will require the URL of your Identity Providers metadata endpoint.

  1. Go to Teams and select Single Sign-On from the navigation menu.

  2. Use the information provided in Service Provider (Infosec Skills) Information section to configure your identity provider (hint: you can click the “copy to clipboard” button to the right of each field to easily copy the information to your clipboard for easy pasting into the proper field in your identity provider configuration). Use the links below for configuration instructions on these common SAML Identity providers.

  1. Configure your identity provider to provide a NameID with a unique identifier in the response it provides to Infosec Skills when the user’s identity is requested. For each learner, also include learner attributes including email address, first name, last name, (optional) title, (optional) department. If the learner already has an Infosec Skills account, the learner will be prompted to verify their account and a unique identifier will be associated with the existing email. If the learner does not already have an Infosec Skills account, the learner will be created and added to that Teams account. Note that this must be the email address associated with the learner in Infosec Skills.

  2. While configuring your identity service provider, copy the url of the provider’s metadata endpoint so you can paste it in Infosec Skills. Alternatively, copy the raw XML of the provider’s metadata endpoint and paste into Infosec Skills. Either will return the same result. Click Save button.

When the “Automatically add my learners” box is left unchecked, a learner would have to be manually uploaded before authenticating with SSO.

  1. Click Enable. Infosec Skills will not allow you to enable SSO if there are problems with your IDP configuration.

  1. You are now set up for IDP-initiated, as well as SP-initiated SSO. In order to take advantage of deep linking into any webpage in Infosec Skills, add a “?sso-account=” and your unique single sign on account to the end of any URL. For example, to direct your users to Infosec’s CCNA Learning Path, if your unique SSO account was “infosec-cs-team” as seen below, you would use the URL

Note that “sso-account” is a query parameter, and can be used in combining multiple query parameters for a URL (e.g. ?query-param=value&sso-account=your-account).

  1. After you enable SSO, new learners will be created by default in Infosec Skills upon their first authentication via SSO. If you prefer manually uploading learners via CSV or as individual users, uncheck this box and Save.

  2. If you experience any authentication issues with SSO, you can click the Download CSV button to review detailed authentication errors to help you troubleshoot.

Need some additional assistance?

If you are experiencing issues with the learner authentication setup please use the “?” in the lower right corner of any Infosec Skills page to submit a support ticket.