By activating the SAML app in Docebo, users can log into their learning platforms using credentials from active sessions of other web platforms. Docebo offers two types of configuration procedures for the SAML integration, called Smart Configuration and Standard Configuration. This article goes through the differences between them so that you can understand which one suits you best.
Smart Configuration vs Standard Configuration
When configuring the integration between Docebo and SAML, you can either select the Smart Configuration or the Standard Configuration procedure.
If you configured the integration with SAML before February 25, 2020, you went through the Standard Configuration procedure, while the Smart Configuration procedure is the default option for those integrating after February 25, 2020.
Regardless of the configuration type currently selected in your platform, and of whether you have already configured the integration, you can re-configure it at any time. Remember that all of your settings will be lost, and you will have to start the configuration from scratch.
Find Out More
Find out more about:
- the Docebo SAML Integration with Smart configuration
- the Docebo SAML Integration with Standard configuration
As of October 26, 2021, Docebo has implemented a short-lived token in order to provide better security:
Previous Authentication Flow
Before October 26, 2021, the Docebo platform would send a request to the Identity Provider (IdP) and receive a persistent access token.
Each SSO has a slightly different process, but all of them return a link to Docebo with the access token in the URL:
Short Lived Token Authentication Flow
The updated authentication flow provides added security by replacing the IdP-provided single-use short-lived token with an internally used access token:
Each SSO has a slightly different process, but all of them return a link to Docebo with the short-lived token in the URL. The short-lived token is a single-use token with a lifespan of 30 seconds that can be exchanged for real credentials:
Docebo automatically exchanges it for the real access token internally, using POST calls. This increases security but does not change the overall behavior of the SSO.
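The following is an added example, not Docebo's code: it sketches the single-use, 30-second exchange described above, to show why a token copied from the URL is useless after redemption or expiry. The class, method names and the sample user are hypothetical.

```python
import hashlib
import secrets
import time

SHORT_LIVED_TTL = 30  # seconds: the lifespan the article states


class TokenExchange:
    """Hypothetical server-side store; an assumption, not Docebo's code."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # sha256(short-lived token) -> (user, expiry)

    @staticmethod
    def _digest(token):
        # Keep only a hash so the store itself never holds usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_short_lived(self, user):
        """Create the value that is placed in the redirect URL."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (user, self._clock() + SHORT_LIVED_TTL)
        return token

    def exchange(self, token):
        """Handle the internal POST: swap the URL token for the access token."""
        entry = self._pending.pop(self._digest(token), None)  # pop = single use
        if entry is None:
            return None  # unknown token, or already redeemed once
        user, expiry = entry
        if self._clock() >= expiry:
            return None  # older than 30 seconds
        return {"user": user, "access_token": secrets.token_urlsafe(32)}


def demo():
    """Constructed scenario: normal exchange, replay, and expiry."""
    now = [0.0]  # fake clock so the demo needs no sleep
    store = TokenExchange(clock=lambda: now[0])
    url_token = store.issue_short_lived("alice@example.com")  # constructed user
    first = store.exchange(url_token)
    replay = store.exchange(url_token)  # same URL token presented again
    stale = store.issue_short_lived("alice@example.com")
    now[0] += 31  # token sits unused past its lifespan
    expired = store.exchange(stale)
    return first, replay, expired

if __name__ == "__main__":
    print(demo())
```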