Set Up Your Identity Provider in Foundry
Learn how to set up your Identity Provider in Foundry.
The steps for describing your Identity Provider to Foundry are outlined below. Before beginning this process, please make sure to complete the Pre-Implementation Checklist. Once you’ve collected the necessary data about your organization’s identity provider, you are ready to enter it into your Foundry Account.
1. Log into your organization’s Foundry account using the URL provided from an EVERFI representative. You will need to have a profile in the system for this step.
2. Go to Settings in the left navigation and select Single Sign-On. If you do not see this option, that means this integration has not been enabled yet on your account. Contact Support for assistance.
3. Open the EVERFI SAML Metadata file by clicking View next to EVERFI SAML Metadata, then either Download Full Metadata or scroll down in the modal to Download encryption certificate. Close the pop-up modal.
4. In the top right corner, click New Identity Provider to create a new SSO configuration
5. Enter the Display Name which is what learners will see on the Foundry login page
6. Select the behavior for the following options
-
Allow service provider initiated login?
-
Check if you want to allow SP-initiated SSO
-
-
Also log users out of this provider when logging out of Foundry
-
Check if you want learners to be logged out of the identity provider system when they log out of Foundry. See Single Logout Overview for more.
-
-
Suppress Welcome Email to users on first login via SSO?
-
Check if you do not want learners to receive an automated email from Foundry upon login
-
7. EVERFI SAML Certificate will be selected automatically to use the most recent certificate available.
8. EVERFI Signing Algorithm has two options: SHA-1 and SHA-256
-
SHA-256 is the default and preferred option, but if your identity provider only supports SHA-1, that option is also available. See EVERFI Signing Algorithm for more information.
9. In the Technical Contact section add in a name, phone number, and/or email address that will display to learners should they encounter an error during single sign-on. EVERFI may also send notifications to this email address about SSO issues like an expiring certificate.
10. In the SSO Metadata section, add the properties about your identity provider. There are three options:
-
Use a URL – Enter the SAML metadata URL of your identity provider
-
Upload XML Data – Upload your IDP’s SAML metadata file
-
Enter Parameters in a Form – Use the info gathered in Pre-Implementation Checklist
-
-
Entity Id of the SSO IDP
-
Single Sign On (SSO) – Login URL of IDP
-
Single Log Out (SLO) – Logout URL of IDP (if any)
-
IDP Certificate Algorithm and IDP Certificate Fingerprint, or
-
IDP Certificate Text (copy and paste the encoded text from your organization’s certificate into the IDP Certificate)
-
11. If you would like to enable User Provisioning Through Single Sign-On, use Just-In Time User Provisioning.
12. Click Save to complete your SSO setup.