Follow this guide to install ExecOnline’s Single Sign-On integration and link your identity provider with the ExecOnline platform. The installation process has four main parts:
Install ExecOnline as a SAML App in Your IdP
Send Your IdP Metadata to ExecOnline
ExecOnline Finalizes the SAML Configuration
Complete & Test Your SSO Setup
That’s it - once testing passes, your learners will enjoy seamless, mobile-friendly SSO access, with licensing controls handled entirely by ExecOnline.
Part 1: Install ExecOnline as a SAML App in Your IdP
IT leads can begin by configuring the ExecOnline SAML application within their Identity Provider. In your IdP console:
Create a new SAML 2.0 application named “ExecOnline.”
Enter ExecOnline’s Service Provider metadata (below).
Save/apply to complete the install of the ExecOnline app.
ExecOnline App Details & SAML Metadata
Field Name | Value |
App Name | ExecOnline |
App Description | In partnership with the world’s top business schools, ExecOnline's leadership development solutions create a diverse pool of future-ready leaders. |
App Icon | Choose from options here |
Entity ID |
|
ACS URL |
|
ExecOnline SSO requires the following attributes to be passed for just-in-time user provisioning.
SAML Attribute (preferred name) | IdP Profile Mapping | ExecOnline Profile Mapping | Description |
NameID (Subject) | Employee ID | SAML NameID | Unique user identifier |
firstName | First Name | First Name | User’s given name |
lastName | Last Name | Last Name | User’s surname |
Email Address | Email Address | User's primary email used for login | |
employeeNumber | Employee ID | External ID | Unique user identifier |
Advanced SAML details, if needed.
Field Name | Value |
SAML Subject NameID Format |
|
Signature Algorithm |
|
Sign | Assertion |
Default RelayState | ⌛to be entered later |
Login URL | blank |
Declare Redirect Endpoint | yes |
Send failure response to the Service Provider | no |
Part 2: Send Your IdP Metadata to ExecOnline
Once the ExecOnline SAML application is configured within your Identity Provider, the next steps are to:
Export your IdP’s SAML metadata from the ExecOnline app you just created.
Send that metadata via our Technical Intake Form or email it to your ExecOnline technical contact.
The Technical Intake Form can accept the following metadata formats:
Metadata URL (preferred)
Metadata XML file
Copy/paste metadata and send certificate as attachment
Entity ID
Assertion Consumer Service (ACS) URL (aka SSO URL)
X.509 Signing Certificate
ExecOnline will continue the configuration steps after receiving your metadata.
Part 3: ExecOnline Finalizes the SAML Configuration
ExecOnline will use your IdP metadata to complete the Service Provider setup.
Once completed you will receive:
A relayState (login-redirect) URL to drop into your IdP config
A checklist for testing both SP-initiated and IdP-initiated logins
You will use these details in the next part.
Part 4: Complete & Test Your SSO Setup
To finalize the Identity Provider setup, paste the provided relayState URL back into your IdP’s ExecOnline app settings. Once this is done, you are ready to test.
Use the provided testing checklist to confirm that the integration is working as expected. Tests will include:
IdP-initiated login: Start from the SSO tile and access ExecOnline as a new user.
SP-initiated login: Start from the ExecOnline login page and access ExecOnline as an existing user.
Profile creation: Verify attribute mappings are correct.