Integrating Single Sign-On (SSO) with your Tovuti LMS enhances security for your learners while streamlining the sign-in and registration experience. This article provides step-by-step guidance on how to set up SSO and apply it to your login or landing page for a seamless user experience.
This article outlines the following concepts:
- Supported SAML/OAuth Systems
- Add Single Sign-On Option
- User Profile Field Mapping tab
- User Group Mapping tab
- Add SSO to the Login Page
- Include SSO on a Landing Page
Supported SAML/OAuth Systems
Tovuti supports the following SSO systems that use SAML or OAuth 2.0.
SAML
- OneLogin
- Auth0
- Centrify Identity Service
- Microsoft Azure Active Directory (view setup guide)
- Microsoft Active Directory Federation Services (ADFS) (view setup guide)
- Okta Identity Management (view setup guide)
- Idaptive Next-Gen Access
- Amazon Cognito
- SecureAuth Identity Platform
- VMware Workspace One
- EmpowerID
- Optimal IdM
- CloudCodes
- LastPass Enterprise
- Ping Identity PingOne
- Salesforce Identity
- Generic support for SSO systems that use SAML 2.0
OAuth2
- AWS Cognito (view setup guide)
- Google Apps
- Facebook
- LinkedIn
- Instagram
- Windows Account
- Other OAuth2 supported Identity Providers
Add Single Sign-On Option
Go to Configuration > Click Single Sign-On > Click Add
Details tab
In the Details tab, give this option a Title, then select the SSO Type and the Application.
For this SSO Option to be later added to a Landing Page, it must be included in a Navigation Menu. If applicable, add this SSO Option automatically here.
Service Provider Settings tab
In the Service Provider Settings tab, provide the EntityID/Issuer for the SSO provider.
Identity Provider Settings tab
In the Identity Provider Settings tab, provide the SAML information for this SSO option and test the Connection.
Profile Mapping utilizes information that already exists in a user's SSO profile and transfers it to their Tovuti profile (all info is found in the User Manager). This information can be automatically updated when users log in using an SSO integration by setting up the proper attributes and triggers.
User Profile Field Mapping tab
Go to the User Profile Field Mapping tab. The following fields are described below.
The IdP Attribute used while mapping depends on which Single Sign-On Provider is being connected to Tovuti. Some providers utilize a Profile Name system (givenname), while other providers use links (Ex: https://www.sso.com/profile/givenname).
Single Sign-On Provider Attributes
Please refer to the Single Sign-On Provider's specific Customer Service for more detailed information.
1. Name IdP Attribute - the profile attribute in the SSO directory that pulls in the user's Name.
2. Username IdP Attribute - the profile attribute in the SSO directory that pulls in the user's Username.
If field 1 or 2 is left blank, the user's email is used to generate Name and Username.
3. Email IdP Field - the profile attribute in the SSO directory that pulls in the user's Email.
4. Add another Profile Field - press the green '+' to add additional profile fields that are collected when the user logs in.
5. Choose an additional profile field
Additional profile fields can be created beforehand to be included in this mapping and elsewhere in Tovuti. For information on how to manage and create profile fields, view the Help Center article here.
6. IdP Attribute - the profile attribute in the SSO directory that corresponds to the chosen profile field.
If the corresponding IDs or attributes are not found when logging in, the user's profile won't include that profile field.
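To find the exact IdP Attribute names to enter in this tab, it helps to list what the provider actually sends and run the planned mapping against it. The following is an added example, not Tovuti's code: the SAML fragment, the mapping and the function names are constructed, and the email fallback is assumed to copy the email verbatim.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned fragment for inspection only; this is not assertion validation.
SAMPLE_STATEMENT = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="https://www.sso.com/profile/givenname">
    <saml:AttributeValue>Dana</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email">
    <saml:AttributeValue>dana@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="department">
    <saml:AttributeValue>Finance</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def attributes_sent(statement_xml):
    """Return {attribute Name: [values]} exactly as the IdP named them."""
    sent = {}
    for attr in ET.fromstring(statement_xml).iterfind(".//saml:Attribute", NS):
        sent[attr.get("Name")] = [v.text or "" for v in
                                  attr.iterfind("saml:AttributeValue", NS)]
    return sent

def apply_field_mapping(sent, mapping):
    """mapping: {profile field: IdP Attribute, or "" if left blank}.
    Returns (profile, unmatched fields whose configured attribute was not sent)."""
    profile, unmatched = {}, []
    for field, idp_attr in mapping.items():
        if idp_attr and sent.get(idp_attr):
            profile[field] = sent[idp_attr][0]
        elif idp_attr:
            unmatched.append(field)
    # Blank Name/Username fall back to the email, as the page describes.
    # Assumption: the email is copied verbatim; the page does not say how it is derived.
    for field in ("name", "username"):
        if not mapping.get(field) and "email" in profile:
            profile[field] = profile["email"]
    return profile, unmatched

# Hypothetical mapping: "name" uses the short form, but this IdP sends the link form.
MAPPING = {"name": "givenname", "username": "", "email": "email",
           "department": "department", "title": "jobtitle"}

if __name__ == "__main__":
    sent = attributes_sent(SAMPLE_STATEMENT)
    print(sorted(sent))
    print(apply_field_mapping(sent, MAPPING))
```

The unmatched list shows both failure modes: a short name entered where the provider sends a link-style name, and an attribute the provider does not release at all.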
User Group Mapping tab
Go to the User Group Mapping tab. Each field is described below.
User Group Mapping Fields
1. Update User Groups on Every Login - designate whether a user's User Group information is updated only the first time they log in or on every subsequent login.
It is recommended to disable this toggle while testing and enable it when ready to go live.
2. Default User Group - the primary group this user will belong to.
Default should remain "Registered." "Registered" is a required User Group without which a user cannot successfully log in.
3. Group Attribute Name - the attribute that maps the user to these groups. Tovuti will search for the Group Attribute Name or ID when the user logs in using SSO.
The group attribute name is found in the SSO's directory.
The attribute above is for groups, not profile fields.
4. Add another User Group - press the green '+' to add additional user groups that users will be added to when they log in.
5. Choose an additional User Group
Utilizing SSO User Group Mapping for User Group Management overrides User Groups assigned in the User Manager. If you plan to use this feature, make sure to include roles such as "Sub-Administrator" and "Site Administrator" in this configuration.
If they are not included, Tovuti treats those groups as "unnecessary" under the mapping, overrides the User Manager, and removes a user logging in with SSO from these groups. This includes admin user groups.
6. IDP Group/Role Identifier - link or role name that maps this group.
If the corresponding IDs or attributes are not found when logging in, the user will not be added to the User Group.
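Before enabling group mapping for live users, it is worth checking which accounts would lose administrator groups under the planned mapping. The following is an added example that models the override behaviour described above; it is not Tovuti's code, and the user data, IdP group values and function names are constructed.

```python
# Hypothetical model of the group mapping behaviour described above; not Tovuti's code.
DEFAULT_GROUP = "Registered"
PRIVILEGED = {"Sub-Administrator", "Site Administrator"}

def groups_after_login(idp_values, group_mapping, default_group=DEFAULT_GROUP):
    """Groups held after an SSO login that applies the mapping.
    idp_values: values sent in the Group Attribute Name attribute.
    group_mapping: {Tovuti User Group: IDP Group/Role Identifier}."""
    granted = {default_group}
    for group, identifier in group_mapping.items():
        if identifier in idp_values:
            granted.add(group)
    return granted

def audit_mapping(users, group_mapping, privileged=PRIVILEGED):
    """Return {user: {lost privileged group: reason}} for the next mapped login."""
    findings = {}
    for name, user in users.items():
        after = groups_after_login(user["idp"], group_mapping)
        lost = (user["current"] & privileged) - after
        if lost:
            findings[name] = {
                g: "not in mapping" if g not in group_mapping
                else "IdP did not send " + group_mapping[g]
                for g in sorted(lost)}
    return findings

# Constructed sample data: current User Manager groups and IdP group values per user.
USERS = {
    "alice": {"current": {"Registered", "Site Administrator"}, "idp": {"lms-learners"}},
    "bob": {"current": {"Registered", "Sub-Administrator"}, "idp": {"lms-subadmins"}},
    "carol": {"current": {"Registered", "Sub-Administrator"}, "idp": {"lms-learners"}},
}
# Constructed mapping that forgets Site Administrator.
GROUP_MAPPING = {"Learners": "lms-learners", "Sub-Administrator": "lms-subadmins"}

if __name__ == "__main__":
    for user, lost in audit_mapping(USERS, GROUP_MAPPING).items():
        print(user, lost)
```

An empty result means every current administrator keeps their admin groups; any finding should be resolved in the mapping or in the IdP's group assignments before go-live.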
Add SSO to the Login Page
Single Sign-On options can be added to a Login Page to help users log in quickly and with added security.
Login Pages
In the Login Pages editor, view the Details tab.
Select SSO Option
Scroll to the bottom of the page and select an active SSO integration in the Single Sign-On Options field. The selected SSO integration is added to the Login Page.
To require that Users log in via SSO, ensure that the Login Form, Include Password Reset, and Include Registration fields are set to No.
Click Save.
User View
From the User Portal, an SSO login option looks like the screenshot below.
Logging in or registering via SSO may utilize some profile information from the SSO directory.
Include SSO on a Landing Page
Landing Pages are often utilized to create a branded experience that highlights content in a logged-out view.
In addition to displaying Courses and Events, the Landing Page can be configured to include a Single Sign-On (SSO) option. This allows learners to quickly register or sign in to the LMS, creating a more efficient and user-friendly access point.
This article outlines the following concepts:
- Include SSO in the Correct Navigation Menu
- Include the Navigation Menu on the Landing Page
- Learner Experience
Include SSO in the Correct Navigation Menu
The buttons and links included in the Landing Page are configured in Navigation Menus. The Top Header Public Menu is the default Navigation Menu for Landing Pages.
Go to Design > click Navigation Menus > select Top Header Public Menu
Select New on the Menu Items page. In the Menu Item type field, select Single Sign-On (Assorted Links and Landing Pages dropdown).
Select a Single Sign-On integration.
Click Save.
The SSO Link is now included in this Navigation Menu.
Include the Navigation Menu on the Landing Page
Next, ensure the Landing Page includes the correct Navigation Menu.
In the editor of the Landing Page, view the Header Section tab. The Top Header Public Menu defaults as the Menu.
Learner Experience
With the Landing Page configured to include all the Menu Items from Top Header Public Menu, the SSO option is displayed at the top of the Landing Page.
Logging in via SSO may utilize some profile information from the SSO directory. View the User Profile Field Mapping and User Group Mapping articles for additional information.