Custom Single Sign-On with 3rd Party Applications

Besides standards-based SSO techniques like SAML, EduBrite also supports single sign-on with 3rd party systems using custom integration options. This article outlines a few of the supported approaches.

1. LMS sign-in page, with service call

In this method, the default sign-in page of the LMS is used, but the LMS can be configured to call an external authentication service to validate the username/password submitted by the user on the sign-in page. Typically, the external authenticator will have a mechanism to register the LMS as an app and obtain the keys needed to make the service call.


2. External sign-in page, with token exchange

In this method, the 3rd party provides the sign-in page. The LMS can provide a redirect mechanism to bypass the default sign-in page, or a link can be added to the default sign-in page. Users enter their credentials on the 3rd party sign-in page, where they are validated by that system. Once the user is authenticated successfully, they are redirected to EduBrite with an encrypted token in a URL parameter. This encrypted token can be used in the following ways:

  • If the user's information is contained in the token itself, for example a JSON string containing username, email and first/last name as the minimum set of fields, the LMS can decrypt the token and check whether the user exists in the system. If the user exists, they are signed in transparently, in a trusted manner. If the account doesn't exist and Auto Provisioning is enabled, the LMS creates the user's account automatically from the information extracted from the token, and the user's session begins. The LMS and the 3rd party need to agree on a common encryption method and negotiate the keys used for encryption. Both sides can use the same key (shared secret key) or key pairs (public/private key).
  • If the token doesn't directly contain the user's information, it instead allows the LMS to make a service call to the 3rd party to fetch the user's details. The LMS can make simple HTTP calls and/or web-service calls to the 3rd party. EduBrite already has some pre-built mechanisms for invoking external authentication services.
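An added sketch of the first option above (user details carried inside the token), not EduBrite's own code or token format. It assumes AES-GCM with a shared secret key and a JSON payload; the names Claims, NewAEAD, Seal and SignIn and the in-memory user map are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
)

type Claims struct{ Username, Email, FirstName, LastName string } // assumed payload: the page's minimum fields

// NewAEAD builds AES-GCM from the shared secret key (16, 24 or 32 bytes).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Seal is the 3rd-party side: token = base64url(nonce || ciphertext || tag).
func Seal(g cipher.AEAD, c Claims) string {
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // fresh random nonce for every token
	pt, _ := json.Marshal(c)
	return base64.RawURLEncoding.EncodeToString(g.Seal(nonce, nonce, pt, nil))
}

// SignIn is the LMS side: authenticate and decrypt, validate, then sign in or provision.
func SignIn(g cipher.AEAD, token string, users map[string]Claims, autoProvision bool) (c Claims, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < g.NonceSize() {
		return Claims{}, errors.New("malformed token")
	}
	pt, err := g.Open(nil, raw[:g.NonceSize()], raw[g.NonceSize():], nil)
	if err != nil {
		return Claims{}, errors.New("token failed authentication") // wrong key or modified
	}
	if json.Unmarshal(pt, &c) != nil || c.Username == "" || c.Email == "" {
		return Claims{}, errors.New("required fields missing")
	}
	if _, ok := users[c.Username]; !ok && !autoProvision {
		return Claims{}, errors.New("unknown user and Auto Provisioning is off")
	} else if !ok {
		users[c.Username] = c // create the account from the token's fields
	}
	return users[c.Username], nil
}
```

Because AES-GCM authenticates as well as encrypts, SignIn rejects a token altered in the URL before reading any field. Call both functions from your own main or test.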


Please consult the EduBrite support team to discuss these approaches and to get assistance integrating EduBrite with your custom system.