Add an Identity Provider

  1. Visit your organization’s Identity Provider tool or website and create a new application.

  2. In Brightspace, from Admin Tools select SAML Administration.

  3. Click Add Identity Provider.

  4. From the Add New Identity Provider page, collect the Brightspace Metadata URL by clicking Copy.

    Note: The Brightspace Metadata URL is typically all the information that is required. However, if your application requires the contents of the Metadata URL, click See detailed metadata and collect Entity ID / Issuer, Assertion Consumer Service (ACS) / Reply URL, or All Brightspace Metadata (full XML metadata).

  5. Add this information to your new application on your Identity Provider’s site.

  6. In Brightspace, set the Display Name to easily identify the purpose of the registered Identity Provider. Example names include Learner Log in, Faculty Log in, or Primary Log in, although any name can be used.

  7. Click Import from your Identity Provider to display the Identity Provider Application Metadata URL (optional) input, and the Import from URL button.

  8. If you have a publicly accessible metadata URL available from your Identity Provider, click Import from URL. This pre-populates the following fields:

    1. Entity ID / Issuer

    2. Single Sign-On Service (HTTP-Redirect) URL

    3. X.509 Signing Certificates

  9. If you do not have a publicly accessible metadata URL available from your Identity Provider, populate the following fields manually with information from your Identity Provider:

    1. Entity ID / Issuer

    2. Single Sign-On Service (HTTP-Redirect) URL

    3. X.509 Signing Certificate

  10. Set the User / Name ID Mapping option.

    Note: The User / Name ID Mapping field is used to create a mapping between the end user’s identity provider user account and their Brightspace user account. The options include: Username, Org Defined Id, Email Address, Username or Org Defined Id. Depending on which option is chosen, you must use the appropriate format. Username and/or Org Defined Id require the unspecified Subject NameId format to be used. Email Address requires the emailAddress Subject NameId format to be used.

  11. Populate the Logout Redirect URL (optional) field. This URL is used to redirect the end user when logging out of Brightspace. D2L recommends using the URL of your organization's homepage.

  12. Populate the Failed Log in Redirect URL (optional) field. This URL is used to redirect the end user when an SSO login attempt fails. This overrides the standard D2L failed login error page.

  13. Click Save.