Skip To Main ContentMasterClass logo
At WorkView Plans
Log In
Sign Up

MasterClass at Work

Learning solutions for employees from the world’s best

    Single Sign-On (SSO) Overview & Setup Guide

    Overview
    MasterClass supports Single Sign-On (SSO) for enterprise customers to streamline user authentication and access management. SSO allows employees to securely log in using their organization's identity provider (IdP) without needing separate credentials for MasterClass. By implementing SSO, organizations improve security, reduce password fatigue, and simplify user access control.
    MasterClass integrates with major Identity Providers (IdPs) such as Okta, Microsoft Entra ID (Azure AD), and Ping Identity, ensuring compatibility with existing enterprise authentication systems. This document outlines the requirements, setup process, and provisioning options available for MasterClass SSO implementation.

    Requirements
    Before you begin the SSO integration process, ensure you have the following information and files:
    • Sign In URL (SAML SSO URL): The URL provided by MasterClass that initiates the SSO authentication process. This is the endpoint to which SAML authentication requests are sent.
    • X509 Signing Certificate (PEM or CER format): A digital certificate using the X.509 public key infrastructure (PKI) standard to verify the identity of the SSO service provider. The certificate must be provided in PEM (.pem) or CER (.cer) format.
    • Sign Out URL (SAML Logout URL): The URL that is used to terminate the user's session in MasterClass. This URL is triggered when a user logs out of the SSO environment.
    • Email Attribute (if non-standard): The specific SAML attribute that corresponds to the user's email address. If MasterClass uses a non-standard attribute name, specify the exact name used within the SAML assertion.
    • User ID Attribute (optional): If a custom identifier is used instead of the standard email attribute for user identification, provide the attribute name that corresponds to the custom user ID.

    Integration Process
    The integration process for MasterClass at Work involves several key steps to ensure seamless connectivity between enterprise systems and the MasterClass platform. The process typically follows these phases:

    1. Requirement Gathering: Identify the customer's Single Sign-On (SSO) and provisioning needs.
    2. Configuration Setup: Implement SSO and user provisioning settings.
    3. Testing & Validation: Verify that authentication and provisioning work correctly.
    4. Deployment & Monitoring: Launch the integration and ensure ongoing functionality.

    SSO Configuration
    MasterClass supports SSO through industry-standard protocols, including SAML 2.0 and OpenID Connect (OIDC). To configure SSO:
    1. Obtain SSO Metadata: Customers must provide their IdP metadata, which includes SAML assertion details or OIDC endpoints.
      • IdP Metadata File or URL
      • X.509 Certificate (Public Key)
      • SSO Login URL (SAML Endpoint / OIDC Authorization Endpoint)
      • The IdP’s redirect URL for authentication.
      • SAML Attributes (User Mapping)
    2. Configure IdP and SP: Configure MasterClass as a Service Provider (SP) and set up the Identity Provider (IdP) to pass the required attributes.
    3. Define Attribute Mapping: Ensure attributes like email, name, and employee ID match the required schema.
    4. Test Authentication: Verify login through the IdP using test accounts