Configuring SSO with SAML

One solution to setting up Single Sign-On (SSO) is to configure SSO for your domain using SAML. On the BrainHoney side the configuration steps are simple:

  1. Add an authentication tag to the domain customization specifying that SAML authentication should be used for the domain.
  2. Upload an idp meta file named idp-meta.xml to the domain and put it in the domain content under a folder named SAML (the idp-meta.xml file comes from your SAML IDP).

If you need to configure the metadata on your SAML IDP server, enter the following URL into a browser to download the metadata from BrainHoney. Substitute [userspace] with the domain userspace of the Brainhoney domain you are using. For example, if your brainhoney domain is "," the userspace would be "myacademy."

Version 1: https://[domain]/saml/metadata.ashx
Version 2:[userspace]/metadata.xml

Add the SAML authentication tag to your domain customization
SAML Customization XML

When using SSO, the users must exist in the current domain. You can optionally login users from a different domain by providing a loginprefix. BrainHoney uses the SAML configuration from that domain. You do not have to upload the idp-meta.xml file into this domain.

<authentication loginprefix="OTHERDOMAINPREFIX">
  <provider type="SAML">
Upload your idp-meta.xml file
Upload SAML configuration

  • Log into your domain as an administrator
  • Click the gear icon to go to the administration page
  • Click on the Content tab
  • Click Upload Content
  • Choose your idp-meta.xml file
  • Enter SAML in the Upload Folder field to specify that the file should be uploaded to the SAML folder (which will be created if it doesn’t already exist)
  • Upload content
  • Click OK
  • Verify that your idp-meta.xml file has been uploaded to your domain and is in the SAML folder

Test your configuration
Question Bank

Now, when you browse to your domain you will see a login page with a large Login button.

Normally you won’t see this page since you will have logged in to your SAML IDP prior to browsing to BrainHoney, but it’s useful for testing. Clicking the login button should direct you to your SAML IDP login page. Clicking the Use BrainHoney credentials link will allow you to bypass the SAML configuration and login to BrainHoney without using SAML.