This document describes good practices regarding the implementation architecture for integration into a company’s existing ecosystem using Pluralsight’s CRUD User Management API, SAML 2.0 Single Sign On (or SSO), REST API and Custom Report Exports. Each one is approach, to describe the pros of incorporating it to an implementation architecture.
SAML 2.0 Single SIgn On: Enables companies to establish a trust between their authentication systems and Pluralsight.
CRUD User Management: Enables companies to manage licenses and user assignments programmatically.
REST API: Enables companies to programmatically integrate Pluralsight data into third-party systems. You can read more by click here.
Custom Report Exports: Enables companies to extract complex / granular data from Pluralsight leveraging our Professional Services team.
The document includes examples of implementations. However, each implementation is unique and has to be customized, which is why it is important that each solution is thoroughly tested before used in production.
Overview of Authentication (Single Sign On or SSO)
The basic principles for customization of authentication in Pluralsight are flexibility and trust. To achieve flexibility in the authentication of users to Pluralsight, authentication should be performed outside the Pluralsight platform. To make this as secure as possible in Pluralsight, a trust has to be established between the authenticating party and Pluralsight. Based on this trust, Pluralsight can trust the identity of the user supplied by the authenticating party.
Single Sign On ( or SSO) allows for users to pass between two systems without having to manually type in a username and password each time while maintaining trust between the two systems. It involves passing information about the user to Pluralsight from which Pluralsight creates an account or authorizes access. It has numerous benefits, a few of which are outlined below.
Seamless Experience - When a user clicks an SSO enabled link (e.g. in an LMS or in an SSO portal) they will instantly be taken to the content they wish to view with no additional sign ons. Environment Integration - This helps increase adoption by placing Pluralsight side by side with existing internal applications.
Auto Provisioning - Users can be provisioned a license automatically simply by clicking a button (this is an optional feature) making the invite management process easier or allowing you to leverage an internal system.
Issuance Criteria - This allows us to accept or reject an individual based on things like role, team, department, etc. It’s a simple way to set rules around auto provisioning.
Team Assignments - This allows for a user to be automatically be placed into a Team within Pluralsight upon license creation. This further automates the setup and organization of your Pluralsight instance.
In order to set up SSO Pluralsight and the company will need to exchange SSO metadata, which is typically a .XML file with relevant information between the two servers. Pluralsight’s metadata exists in the app catalogues of Okta, Azure, PingOne, and One Login. To begin SSO setup please inform your Pluralsight representative who can engage professional services.
Our user management CRUD (Create, Read, Update, Delete) API allows you to manage your users from your own internal ecosystem. This can include sending invites, updating specific users, or removing users from a plan.
CRUD API Benefits
Less Process Creation
The CRUD API allows you to issue invites from within your internal system, adapting Pluralsight to existing processes rather than creating new ones.
Automatically Remove Users
The CRUD API lets you remove users from your own processes and works in tandem with SSO to make the entire process of provisioning and deprovisioning seamless.
Because Pluralsight can exist within an existing subscriber management system it helps to manage large amount of users at scale.
Automated Data Delivery
Pluralsight has the capability to automatically deliver data files to wherever they need to go. This includes emails to individuals, shared folders, FTP/SFTP, or POST to API endpoints. This brings usage/completion/catalogue data into your existing ecosystem. An example of this would be a .CSV file of usage data delivered to your email on a weekly cadence with the previous weeks usage, or to a shared folder where a business intelligence solution can automatically consume and display it.
Benefits of Automated Data Delivery
Custom Formatting - Pluralsight can format data into whatever is needed by the customer for integration to existing processes.
Automated Delivery - Data can be delivered to internal company channels for integration into existing processes.
Pluralsight can integrate data into existing ecosystems via data file delivery to email, FTP or SFTP placement, shared folder, or an API endpoint. Pluralsight also makes available Usage APIs, Completion APIs, and course catalogue APIs. These can be accessed from your dashboard by going to Account > Integrations > (Scroll down) View Documentation. There is also a separate whitepaper for help integrating these. Data delivery capabilities can be either .csv or .txt files and can be delivered on a daily, weekly, or monthly cadence.
Automated file delivery
Benefits of ecosystem integration
Types of data that can be delivered
Custom data layouts
Technical features of ecosystem integration Diagram of integration
Diagram of integration
Case Study: Company X utilizes a standalone subscription management system (proprietary), analytics system (Tableau), and LDAP (Open Source) and needs Pluralsight to be able to work with all 3. The objective of each are as follows:
Subscription Management: When an end user leaves company X, their IT group goes to a single place to deprovision all access instead of having to go to dozens of software dashboards.
Analytics System: Company X utilizes multiple learning and technology platforms including compliance training, and internal trainings. They need a single place with total control over the visualization, team hierarchies, and pairing of data with multiple systems to track usage against projects in whatever structure they want.
LDAP (Lightweight Directory Access Protocol): Company X uses their LDAP as a single source of truth for employee data which sits behind their HRIS. They need to be able to feed data from the LDAP to Pluralsight (i.e. employeeID, and group attributes to have Pluralsight stop or let through authentication to provision licenses)
Company X was able to utilize Pluralsights CRUD user management API to make calls from their subscription management system that removes a user when they are sending calls to all
their other service providers. They were then able to setup a SAML SSO connection with Pluralsight where they are sending both employeeID and ReferenceIndicator attributes. Pluralsight loads the employeeID into their “note” field so that it is stored long term, and also wrote logic based on provided values from the ReferenceIndicator to allow users on the platform or not and provide a custom error message directing them back to their relevant business unit owner. Finally Company X utilized Pluralsights REST API suite to make calls daily for raw data as a data source for their analytics system. This includes the Pluralsight “note” field which contains their employeeID so that they can pair the usage data with all their other data sources for a total end-to-end integration.
So now what?
Contact your sales representative and inform them that you’d like to engage Professional Services to discuss what integration options are available for your environment.