If you want to enable your users to access content in Litmos without having to log in directly via your Litmos login page, then you can achieve this by using the Litmos API.
To make it happen, you will have to follow these steps:
- Make a GET request to the Litmos API for a given user
- Redirect the users’ browser to the URL provided in the LoginKey response field from step 1.
Note:
- The LoginKey changes whenever it is used, so don’t store it anywhere. You need to make a new request for every login.
- If you create the user via the API and don’t want them to set their own password, you need to add the<SkipFirstLogin>true</SkipFirstLogin> item to your create user request.
How to get a unique Litmos User Id
Every user in Litmos has a unique id that will not change regardless of whether or not they change their email address which is what they usually log in using.
To make life easier, we suggest you store the unique user id in your system so that you don’t have to first GET the user id before each call.
To get all of the users in your account, you can call GET /users, which will provide a list of users, including their IDs.
GET https://api.litmos.com/v1.svc/users?source=sampleapp
<Users> <User> <Id>abc12345678</Id> <UserName>rich_demo@litmos.com</UserName> <FirstName>Rich</FirstName> <LastName>Demo</LastName> </User> <User> <Id>81818ajsajh</Id> <UserName>dan_demo@litmos.com</UserName> <FirstName>Dan</FirstName> <LastName>Demo</LastName> </User> </Users>
If you want to get back one specific user, use the search variable in your query string.
GET https://api.litmos.com/v1.svc/users?source=sampleapp&search=rich@litmos.com
<Users> <User> <Id>abc12345678</Id> <UserName>rich_demo@litmos.com</UserName> <FirstName>Rich</FirstName> <LastName>Demo</LastName> </User> </Users>
How to get a User’s LoginKey
Once you have the User Id that you want to log in with, you need to make a GET request to /users/{user-id} or /users/{username}, which will return information about the user. This API call includes a LoginKey, which you can use to redirect the user’s browser.
GET https://api.litmos.com/v1.svc/users/abc12345678?source=sampleapp
<User> <Id>abc12345678</Id> <UserName>rich_demo@litmos.com</UserName> <FirstName>Rich</FirstName> <LastName>Demo</LastName> ..... <LoginKey>https://demo.litmos.com/login.aspx?loginkey=xxxzzzyyy777222</LoginKey> </User>
To ensure that a user logging into Litmos by LoginKey never accesses the page that allows for password and profile setup, add the parameter &skipFirstLogin=true to the LoginKey string. This will ensure that the user skips the account/welcome page, where this information can be edited.
***This differs from changing the SkipFirstLogin>true</SkipFirstLogin>element in the request body of an API call. This is a parameter that is appended to the LoginKey string itself.***
e.g., https://demo.litmos.com/login.aspx?loginkey=xxxzzzyyy777222&skipFirstLogin=true
Removing the logout button
To hide the standard title bar, you can append the query string parameter &titlebar=false to the LoginKey, i.e., https://demo.litmos.com/login.aspx?loginkey=xxxzzzyyy777222&titlebar=false
Please note: the &titlebar=false query string parameter will only remove the title bar for vertical navigation, accounts set up with horizontal navigation will not be able to use this parameter as the title bar is required to navigate to the learner dashboard.
Log straight into a Course or Learning Path index/landing page
You can do a single sign-on and then redirect the learner straight to a Course’s or Learning Path’s index/landing page rather than just the generic learner home page. To do this, you must append a query string key named “C” or “LP” to the SSO login URL. The “C” or “LP” value will be the Original Id for the Course or Learning Path.
You can find the Original Id for a Course or Learning Path by making a call to GET /courses or GET /learningpaths
Ex:
- Course: https://domain.litmos.com/login.aspx?loginkey=xxxzzzyyy777222&C=123456
- Learning Path: https://domain.litmos.com/login.aspx?loginkey=xxxzzzyyy777222&LP=678910
Single Sign-on through SAML
Single sign-on through SAML uses SAML 2.0 protocol and currently is only IdP initiated, meaning all SAML requests must come from a website outside of Litmos. See the articles on Litmos with Okta, Azure, and ADFS for more information.