To SSO, or not to SSO? Both are great options!

Standard registration will require learners to:

SAML2-based Single Sign-On bypasses these mechanisms, relying on your own Identity Provider for authentication. Rather than logging in with a LemonadeLXP password, your learners will log in with a password they already know (as determined by your IdP). SSO essentially bypasses a registration form, but not the login process.

On the main log-in page, new learners should:

Users can also get registered via several other methods depending on how you wish to approach their registration processes.

As important detail, it's important to complete the validation request from the same browser that was used to register. Sometimes, learners will use a "preferred browser" to browse, but their email client opens a different default browser when the validation link is clicked. In such cases, validation will not succeed.

If new users are already set up in a SAML-capable Identity Provider, and you've enabled SSO as an option, they can:

Learners will be happy their usual sign-in experience won’t change, and your keen Information System reps will love that they can keep access-control on your turf. Win-win!

Depending on how you set up your SSO, you could potentially have both options available when registering new users.

When SSO is Enabled, users can either register through their own SSO or be registered via an assortment of regular registration options.

When SSO is Forced, it's SSO only! If a user doesn't have the appropriate SSO set up, they cannot register! There exists an exception to this mechanism, where you can whitelist IP addresses in a forced situation. Learners that access LemonadeLXP from these whitelisted IPs will still have access to the standard authentication systems.

In both cases, users can be added manually before SSO is either enabled or forced. They will still have full access to all of your LemonadeLXP and be "exempt" from SSO rules.