TIS Training API Documentation
  • Welcome!
  • Quick Start
  • Managing Users
  • Single Sign On (SSO)
    • General Options
    • Role and Group Mappings
    • Connection Types
      • Microsoft Entra ID (Formerly Azure AD)
      • Google Workspace
      • OpenID Connect (OIDC)
      • SAML (Security Assertion Markup Language)
  • SCORM Packages
  • Webhooks
  • API Reference
    • Users
      • 🔵GET users
      • 🔵GET users/seats
      • 🟢POST users
      • 🟠PUT users
      • 🟢POST users/password
      • 🟡PATCH users/enable
      • 🟡PATCH users/disable
      • 🔴DELETE users
    • Results
      • 🔵GET results
      • 🔵GET results/group
    • Groups
      • 🔵GET groups
      • 🟢POST groups/users
      • 🔴DELETE groups/users
    • 🔵GET courses
    • 🔵GET filters
    • 🟢POST login
    • â›”Standard Error Format
  • Webhook Reference
    • Standard Structure
    • Course Complete
    • Multi-Course Complete
  • OpenAPI Specification
Powered by GitBook
On this page
  • Configuration Options
  • Role and Group Mappings
  • TIS Platform Entity ID and ACS URL
  1. Single Sign On (SSO)
  2. Connection Types

SAML (Security Assertion Markup Language)

PreviousOpenID Connect (OIDC)NextSCORM Packages

Last updated 4 months ago

Setting up a SAML connection is an advanced task and may require assistance from an IT professional

You may manually configure a SAML provider for use with the TIS Platform. We recommend using if your provider supports it.

Configuration Options

Display Name - Required

This will be displayed to your users on the TIS Platform login screen as a "Sign in with [Display Name]" option. It will also be shown in the administration panel under your list of configured SSO providers.

Metadata XML

If your provider has supplied a metadata XML file, you may upload it here to auto populate the provider configuration fields.

Entity ID or Issuer URL - Required

The Entity ID for your SAML provider. This is sometimes referred to as the Issuer URL.

Sign-On URL - Required

The URL to redirect your users to for login. This can be obtained from your SAML provider.

Signing Certificate - Required

The signing certificate to use to verify the information passed to the TIS Platform by your provider. The certificate should be an X502 certificate provided as a Base64 string. Do not include starting or ending headers.

Merge Users Where Email Matches an Existing Account

We recommend leaving this disabled. For more details, please see .

First Name Attribute - Required

The attribute name in the SAML response that corresponds to the users first name. A first name must be mapped to login.

Last Name Attribute - Required

The attribute name in the SAML response that corresponds to the users last name. A last name must be mapped to login.

Employee ID Attribute

The attribute name in the SAML response that you wish to map to the Employee ID field on the TIS Training account. This is not required.

Email Attribute - Optionally Required

The attribute name in the SAML response that corresponds to the users email. This is not required if your SAML Name ID is an email address. An email must be mapped to login.

Role and Group Mappings

For more information on how role and group mappings work, please see Role and Group Mappings.

For role and group mappings using SAML, we use the SAML attributes passed by your provider. If you are unsure what attributes are being passed, you may complete the setup of the SAML provider, then use the "Test SSO Login" button to review the information passed to the TIS Platform by your provider. Mappings can be updated at any time by using the "Edit Provider" button.

TIS Platform Entity ID and ACS URL

Your provider may require an Entity ID and Assertion Consumer Service (ACS) URL when setting up the TIS Platform client. These are displayed after you have saved the SAML provider in the TIS Platform administration panel. If you need to view them again, please click the "Edit Provider" button, click "Next" and then "Save".

OIDC
Merge Users Where Email Matches an Existing Account