Skip To Main ContentMasterClass logo
At WorkView Plans
Log In
Get Up To 50% Off

MasterClass at Work

Learning solutions for employees from the world’s best

    SSO Documentation for MasterClass at Work

    Overview
    This page outlines the requirements and steps necessary for integrating Single Sign-On (SSO) services with MasterClass using the Security Assertion Markup Language (SAML) 2.0 standard. SSO allows users to authenticate with multiple applications using one set of login credentials.

    Requirements
    Before you begin the SSO integration process, ensure you have the following information and files:
    • Sign In URL (SAML SSO URL): The URL provided by MasterClass that initiates the SSO authentication process. This is the endpoint to which SAML authentication requests are sent.
    • X509 Signing Certificate (PEM or CER format): A digital certificate using the X.509 public key infrastructure (PKI) standard to verify the identity of the SSO service provider. The certificate must be provided in PEM (.pem) or CER (.cer) format.
    • Sign Out URL (SAML Logout URL): The URL that is used to terminate the user's session in MasterClass. This URL is triggered when a user logs out of the SSO environment.
    • Email Attribute (if non-standard): The specific SAML attribute that corresponds to the user's email address. If MasterClass uses a non-standard attribute name, specify the exact name used within the SAML assertion.
    • User ID Attribute (optional): If a custom identifier is used instead of the standard email attribute for user identification, provide the attribute name that corresponds to the custom user ID.

    Integration Process
    The following steps should be followed to enable SSO for MasterClass:
    1. Prepare the Identity Provider (IdP) Configuration:
    • Gather the required URLs and certificate from your IdP.
    • Configure the IdP with the Sign In URL and Sign Out URL provided by MasterClass.
    • Upload the X509 Signing Certificate to the IdP.
    2. MasterClass SSO Configuration:
    • Submit the Sign In URL, Sign Out URL, and the X509 Signing Certificate to MasterClass through the provided SSO configuration portal or via support contact.
    • If using non-standard email or user ID attributes, provide the attribute names to MasterClass during configuration.
    • MasterClass will return with the following metadata:
      • Assertion Consumer Service (ACS) URL also called the Service Provider URL
      • Entity ID also called the SAML Audience
      • Metadata URL
    3. Testing:
    • Conduct initial testing in a staging environment to verify that SSO is working as expected.
    • Test the login flow to ensure users can authenticate and are redirected to MasterClass
     
    Auto-Provisioning on Request for MasterClass
    MasterClass supports automatic user provisioning, streamlining the process of creating and managing user accounts. To enable auto-provisioning, please reach out to your Account Executive.
     
    Just-In-Time (JIT) Provisioning
    MasterClass leverages Just-In-Time (JIT) provisioning as part of its Single Sign-On (SSO) authentication process. JIT provisioning is a method where user identities are created and managed in real-time during the SSO login process. When a user logs in via SSO for the first time, MasterClass automatically creates a user account based on the credentials provided, eliminating the need for pre-provisioning of user accounts.

    However, it's important to note that MasterClass currently does not support automatic deprovisioning. In the context of SSO, deprovisioning refers to the automatic removal or disabling of a user's access when they no longer need it, typically when an employee leaves an organization or changes roles. Without automatic deprovisioning, the process of removing or updating user access rights in MasterClass must be handled manually. This requires administrators to actively manage user accounts to ensure that access rights are current and that former users do not retain access to the platform.
     
    SSO Via Employee Identification Numbers (New!)
    Introducing an exciting new feature at MasterClass! We understand that every learner is unique, and that's why we're thrilled to offer you the option to log in via Single Sign-On (SSO) using your Employee Identification Number (EIN). We believe in making your learning experience as seamless and user-friendly as possible, and this latest addition ensures that even users without email addresses can access our world-class courses with ease. With the convenience of using your EIN, you can now dive into the vast array of MasterClass lessons, discover your passions, and unlock your full potential, all through a streamlined and secure authentication process. At MasterClass, we're committed to empowering every learner, and this innovative SSO feature is just one more way we're making knowledge accessible to all. For additional information on how we maintain user privacy, please see our Privacy Policy here.