ExecOnline supports Single Sign-On using SAML 2.0, integrating with major Identity Providers including Azure, Okta, OneLogin, and more based on request/inquiry.
To initiate an SSO integration with ExecOnline please ask your organization's IT lead to complete our technical intake form. An ExecOnline representative will be in touch once the form is submitted.
Configuration
Single Sign-On integration with ExecOnline requires an Identity Provider to pass a few SAML attributes, formatted as follows:
firstName
lastName
email
employeeNumber
SAML Subject NameID
Custom SAML attributes can also be included in the SAML payload; for example, an alternate employee ID, a user’s organizational group, a user’s region, etc.
Process
Each Identity Provider will have a slightly different process to set up ExecOnline
as a SAML application.
As part of our Technical Kickoff onboarding process, ExecOnline will provide a Single Sign-On Technical Primer intake to begin a new configuration with ExecOnline.
User Experience
Our Single Sign-On workflow is Service Provider-Initiated. The user experience follows the below steps:
Users launch an ExecOnline URL or receive an invitation from ExecOnline
Users are redirected to their Identity Provider for authentication
Users return to the proprietary ExecOnline platform containing the programming of interest
Users are prompted to accept ExecOnline’s Privacy Policy and Terms of Use upon registration
Note: At this time, Identity Provider-initiated SSO is not supported.
Service Areas
ExecOnline leverages Okta as an Identity Provider (IdP) Broker. In support of our customers' and Okta's existing contractual obligations with respect to U.S. export control laws, Okta customers are not permitted to access the Okta Service (including the Auth0 Platform) from Cuba, Iran, North Korea, Syria, the regions of Crimea, Luhansk or Donetsk without prior approval from the U.S. Government. This restriction applies even if a User is temporarily visiting any of the aforementioned regions.