• Home
• App Integrations
• Single Sign-On Integrations
• Thinkific Single Sign-On

Thinkific Single Sign-On (SSO)

---

Thinkific provides a platform that allows businesses or people to create and deliver online courses without any design or technical expertise. It allows its users to use their existing resources to set up online courses using an easy to use interface. Thinkific offers tools for setting up courses, managing students, payments, and marketing to reach a bigger audience. Its a one-stop shop for all your Online Course needs.

Challenge faced by Thinkific Users

Companies/People usually have an existing application/site where student credentials are already stored. Thinkific users want a continuous and seamless access to their portal through their existing accounts. They don't wish for their students to have a separate set of credentials for logging in to Thinkific. Thinkific allows its users to use their existing credentials to log in to their Thinkific platform using JWT (JSON Web Token). An interface needs to be created by users to generate that JWT token and log the users into Thinkific using their existing credentials. Users don’t always have control or the resources to generate such an interface. miniOrange has the perfect solution for such a problem.

miniOrange provides SSO solution for Thinkific

miniOrange has a ready made solution that users can use to authenticate themselves using their existing credentials and log into Thinkific. Users just have to click a link and based on the Identity Provider or User stored configured in miniOrange are redirected to the appropriate login page / Identity Provider for authentication. After successful authentication miniOrange constructs the necessary token and automatically redirects the user to the Thinkific SSO URL.

Thinkific deconstructs this payload and either finds the user and signs them in, or if they don’t already have an account on your Thinkific site, creates an account and signs them in.

Pre-requisite

Obtain the following information from Thinkific.

• Login to your Thinkific, go to Settings. Click on Code & analytics.
• Navigate to API.



• You can find the API Key ( Shared Secret ) here.
  
• Also, Obtain the Subdomain from here and replace the URL next.
• JWT Endpoint URL: Example : https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt=

Follow the Step-by-Step Guide given below for Thinkific Single Sign-On (SSO)

1. Configure Thinkific in miniOrange

• Login to miniOrange Admin Console.
• Go to Apps Click on Add Application button.



• Select JWT App.Click on Thinkific.







• In Add Apps tab enter the values and click on Save.

  Custom Application Name	Choose appropriate name according to your choice.
  Description	Add appropriate description according to your choice.
  Redirect-URL	https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt=

• To configure App secret go to Edit against your configured app, Apps>>Select your app>>Edit






App Secret	The API Token fetched from Thinkific dashboard
Signature Algorithm	Choose HS256

• Click on Save
• Now, You can access Thinkific Account Using IDP credentials through the Single-sign-on URL as shown in image above.
• For Attribute Mapping, go to Select>>Edit.
• Enter the Client Id, App Secret and Client Token.
• To map the atrrinutes between the IDP and miniOrange application, click on Attributes + button.
• The first three attributes will be hard-coded values.

Attribute Name	Attribute Value
store_hash	Custom Attribute Value
redirect_to	Customer Attribute Value
opeartion	Customer Attribute Value



• If you are using an external IDP, you need to map the attributes coming in from the idp by choosing the external IDP option.



• Now, You can access Thinkific Account Using IDP credentials through the Single-sign-on URL as shown in image above.

2. Configure Your User Directory

miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Okta, Shibboleth, Ping, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more. You can configure your existing directory/user store or add users in miniOrange.

• Setup miniOrange as IDP
• Setup External IDP

• Log in to miniOrange dashboard from the Admin Console.
• Now, there are 3 ways to add users in miniOrange Identity Source:

1.1 Create User in miniOrange

1.2 Bulk Upload Users

1.3 Self User Registration




1.1 Create User in miniOrange

• Click on Users >> Add User.



• Here, fill the user details without the password and then click on the Create User button.



• Click on On Boarding Status tab. Check the email, with the registered e-mail id and select action Send Activation Mail with Password Reset Link from Select Action dropdown list and then click on Apply button.



• Now, Open your email id. Open the mail you get from miniOrange and then click on the link to set your account password.
• On the next screen, enter the password and confirm password and then click on the Reset Password button.



• Now, you can log in into miniOrange account by entering your credentials.



1.2 Bulk Upload Users in miniOrange via Uploading CSV File.

• Navigate to Users >> User List. Click on Add User button.



• In Bulk User Registration download sample csv format from our console and edit this csv file according to the instructions.



• To bulk upload users, choose the file make sure it is in comma separated .csv file format then click on Upload.



• After uploading the csv file successfully, you will see a success message with a link.
• Click on that link you will see list of users to send activation mail. Select users to send activation mail and click on Send Activation Mail. An activation mail will be sent to the selected users.



1.3 Self User Registration

• miniOrange self user registration allows end users to register themselves using customized registration form. miniOrange admin users can customize the registration form by adding more custom fields according to their choice. Learn More

miniOrange integrates with various external user sources such as directories, identity providers, and etc.

• Okta
• ADFS
• Ping
• AWS Cognito
• Many more

• Note: Once you configure the IDP, you need to Send first_name and last_name as configure attributes

Not able to find your IdP or Need help setting it up?

Contact us or email us at idpsupport@xecurify.com and we'll help you setting it up in no time.

3. Test SSO Configuration

• miniOrange as IDP
• External IDP

Using SP Initiated Login

• Login to your Thinkific account.
• On the Dashboard, Click on Desgin your site-> Theme library option.



• Click on Three Dots as shown in the below image and select EDIT CODE option from dropdown.



• Now, click on the Snippets link and search for meta_tag option and click on it.



• Add Single Sign-On URL in the below format as shown in the image, (you will get this url from step 1) and click on Save button.





• Go to your Thinkific URL, click on SIGN IN button which will redirect you to miniOrange IdP Sign On Page.





• Enter your miniOrange login credential and click on Login. You will be automatically logged in to your Thinkific account.

Using IDP Initiated Login

• Log into miniOrange IdP using your credentials.
• On the End User-Dashboard, click on the Thinkific application configured, to test the SSO flow.



• You will be successfully logged into Thinkific.

Using SP Initiated Login

• Login to your Thinkific account.
• On the Dashboard, Click on Desgin your site-> Theme library option.



• Click on Three Dots as shown in the below image and select EDIT CODE option from dropdown.



• Now, click on the Snippets link and search for meta_tag option and click on it.



• Add Single Sign-On URL in the below format as shown in the image, (you will get this url from step 1) and click on Save button.





• Go to your Thinkific URL, click on SIGN IN button which will redirect you to miniOrange IdP Sign On Page.



• On accessing the Single sign-On URL as mentioned in the second step, you will be asked to enter your Okta credentials.



• On entering the valid credentials, you will be successfully logged into Thinkific.

Using IDP Initiated Login

• Log into Okta using your credentials.
• Click on Admin to access the Admin Console, then click on Applications.
• Click on Add Application and search for "Bookmark App", and Click Add in the left pane.
• Choose an app name of your choice which will be the display name.
• In the URL section, enter the SSO URL that is given in the JWT app.



• Click on Save.
• On the End User-Dashboard, click on the Thinkific bookmark application configured, to test the SSO flow.



• You will be successfully logged into Thinkific.