Administrators
      Back to home
      1. Knowledge Base
      2. Administrators

      Setting Up SAML Single Sign-On (SSO) for Scandlearn LMS3 with Google Workspace

      This guide outlines the steps to configure Google Workspace as the Identity Provider (IdP) for Scandlearn LMS3 (Production Environment).

      Prerequisites:

      • Super Admin access to the Google Admin Console.

      • Admin access to the Scandlearn LMS3 panel.

       

      Phase 1: Create the App in Google Workspace

       

      Since Scandlearn requires your Google credentials before generating the final connection URLs, we must first set up the app with temporary details.

      1. Log in to the Google Admin Console.

      2. Navigate to Apps > Web and mobile apps.

      3. Click Add app > Add custom SAML app.

      4. App Name: Enter a name (e.g., "Scandlearn LMS") and click Continue.

      5. Google Identity Provider Details:

        • Copy the SSO URL.

        • Copy the Entity ID.

        • Download the Certificate.

        • Keep these details accessible, as you will need them in Phase 2.

        • Click Continue.

      6. Service Provider Details: Enter the following temporary URLs to bypass this screen:

        • ACS URL: https://app.scandlearn.net/sso/temp/acs

        • Entity ID: https://app.scandlearn.net/sso/temp/metadata

        • Click Continue.

      7. Click Finish (we will configure attributes later).

       

      Phase 2: Configure Scandlearn & Retrieve Real URLs

       

      1. Open a new tab and log in to your Scandlearn Admin Panel.

      2. Navigate to the SSO configuration page: https://app.scandlearn.net/admin/configure/sso/saml

      3. Enter the data you copied from Google in Phase 1:

        • Entity ID (Ex: Microsoft Entra Identifier): Paste the Google Entity ID.

        • Login URL: Paste the Google SSO URL.

        • Logout URL: Paste the Google SSO URL (or your preferred logout redirect).

        • SAML Certificate: Open the certificate file you downloaded with a text editor (e.g., Notepad), copy the entire text string, and paste it here.

      4. Click Save.

      5. Important: Once saved, an orange box titled "Important Notice" (or Basic SAML Configuration) will appear on the right side of the screen.

      6. Copy the generated Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL).

         

       

      Phase 3: Update Google with Production URLs

       

      1. Return to the Google Admin Console and open the app you created in Phase 1.

      2. Click on Service provider details.

      3. Replace the temporary URLs with the specific production URLs you just retrieved from Scandlearn:

        • ACS URL: Paste the Reply URL from Scandlearn (Ensure it ends in /acs, NOT /login).

        • Entity ID: Paste the Identifier (Entity ID) from Scandlearn.

      4. Click Save.

         

       

      Phase 4: Configure Attribute Mapping

       

      Scandlearn requires specific user attributes to identify accounts correctly.

      1. In the Google app settings, click on SAML attribute mapping.

      2. Click Configure SAML attribute mapping (or Add Mapping).

      3. Add the following three mappings exactly as shown below:

      Google Directory Attribute App Attribute
      Primary Email email
      Primary Email principalname
      First Name name 
       

      1. Click Save.

       

      Phase 5: Activate the Application

       

      1. In the Google app menu, click on User access.

      2. Change the status from "OFF for everyone" to ON for everyone (or assign to specific organizational units).

      3. Click Save.

         

       

      Verification

       

      To verify the connection:

      1. Open an Incognito/Private browser window.

      2. Go to the Scandlearn login page.

      3. Click the "Login with SSO" button (or enter your email to trigger SSO).

      4. You should be redirected to Google for authentication and then immediately back to Scandlearn, logged in successfully.