External system integration
It can be linked to external systems in four ways: SAML, SCIM, proprietary SSO, and LDAP.
*Select "Site customizer" in the side menu and click on "Basic settings."
Click on the "External system linkages" on the Basic settings page.
*We will not be able to address any issues that may happen as a result of your use of the Site customizer. For more details about problems that may occur, click here.
Required
Customization, Site customizer, Management role of Co-admin
Use SAML
Turn on the toggle key of "Use SAML."
*Be sure to click the "Save" button before exiting.
Introduction
Regarding SAML, refer to Single sign-on using SAML.
SAML integration with Microsoft Entra ID:
SAML authentication with Microsoft Entra ID is available.
*For more details, refer to SAML integration settings in Microsoft Entra ID.
Advanced settings
01. Automatic account registration when SAML authentication succeeded
When you succeed in SAML authentication with an account that does not exist on learningBOX and try to register it as a new account, turn on the toggle key.
02. Include Requested Authn Context
Turn off the toggle key to support Microsoft365.
03. SAML advanced settings
Please register your IdP information here.

04. SAML Parameter Mapping
Set which parameter values are applied to the login ID, name, and email address respectively.
Enter directly or click "Add" and select one from the list.

From Ver. 2.23, when Login ID is not selected in the Input field settings, random text will be applied to the Login ID.
SP (learningBOX) configuration information
The information required to register learningBOX as an SP to an IdP is listed here.
Enter this information on the IdP side.

Use of SCIM
SCIM integration with Microsoft Entra ID:
SCIM synchronization with Microsoft Entra ID is available.
*For more details, refer to Setting up SCIM integration with Microsoft Entra ID.
SCIM Usage Settings

*Be sure to click the "Save" button before exiting.
01. Enable SCIM synchronization
To use SCIM synchronization, turn "Enable SCIM synchronization" On.
02. base URL
You can copy the service provider information to be registered on the IdP side.
03. Token
You can issue tokens to register with IdP.
*If you have already used the token, you will need to re-register the token on the IdP side if you reissue it.
04. Send invitation e-mail
By synchronizing with IdP, you can choose whether or not to send an invitation e-mail to new users when they register for learningBOX.
To send, select an email template from the pull-down menu.
*If you do not send it, no password will be generated.
05. SCIM's active attribute and learningBOX's user status linkage
The activ attribute on the IdP side and the user status of the leaningBOX can be linked.
If you wish to collaborate, please tick the "Collaborate" box.
You can also choose whether the user status should be "disabled/suspended" when the active attribute is "disabled".
*learningBOX owner accounts are not eligible for user status linkage.
For more information about user status, see " Add user.
06. learningBOX account processing when a user is deleted by SCIM
You can choose how to handle accounts on the learningBOX side when a user is deleted on the IdP side.
Please select either "Disable User Status" or "Delete Account".
In the case of *deletion, all account information, including user information and grades, will be deleted and cannot be restored.
07. Mapping
Mapping field keys on the learningBOX side to SCIM attributes on the IdP side enables synchronization.
▼ Field Keys
The field key used on the learningBOX side is displayed.
This is the " Input field settingsEdits and additions can be made in the "Edit" section.
▼SCIM Attributes
Select the SCIM attribute from the pull-down menu that corresponds to the field key on the learningBOX side.
Please leave unselected those items that do not need to be linked.
*Even if the field key is set to "cannot be changed," the mapped items will be updated during synchronization.
Synchronization history
The synchronization history by SCIM is displayed.
You can also check the history for the most recent year.

01. Narrow down your search
You can refine your search for the following items
- Login ID
- result
- data manipulation
- Synchronization Date
- ID *Enter the 36-character ID that is the SCIM resource identifier.
02. Synchronization history display
The following items will be displayed
▼ Login ID
The login ID of the user to be synchronized is displayed.
▼ Results
Synchronization results are displayed.
▼ Error Details
If synchronization fails, the error message is displayed.
▼ Data manipulation
The request type (create/retrieve/update/delete) is displayed.
*"Acquisition" is hidden in the default refinement state.
▼ Synchronization Date
The date and time the request was received are displayed.
They can also be sorted in ascending/descending order.
▼ID
A 36-character ID, the SCIM resource identifier, is displayed.
▼ Details
Request and response details are displayed in json format.
Note
Labeling of SCIM linkage
Users created/updated in the SCIM integration can be accessed in the "User Management" section of the "User Management" page. Edit userThe SCIM linkage label is displayed for the corresponding item in the "SCIM Linkage" screen.

Use of Proprietary SSO Keys
Proprietary SSO is available.
Register SSO key
01. Create new
Click on "+ Create new."
*Up to 100 keys can be registered.

02. Settings

Set each of the following items.
▼ Use this SSO key
Tick the box to use the SSO key you have set up.
▼SSO Key
The API specification is available for download.
Refer to the SSO in the downloaded API specification, and enter the information.

▼ Referrer URL
This setting restricts access, and only the URL you have entered will be allowed to access.
Click the "+" button to add a referrer URL.
To delete a URL, click the trash can icon.
*Up to 10 referrer URLs can be set for one SSO key.
▼ Group
You can specify which groups are allowed to log in.
*Multiple groups can be specified.
When you leave this field blank, no group restrictions will be set.
▼Automatically create a learningBOX account when an unregistered account logs in
When an unregistered account logs in, you can choose whether or not to create a new account.
Tick the box to create a new account.
▼Permit to change a management role
You can choose whether or not to allow overwrite management roles when parameters regarding management roles exist in the API document. To permit the change, tick the box.
When you tick "When an unregistered account log in, add a new account automatically,"
any unregistered account can log in if you specify groups to allow log in. The account will also be registered as a member of the specified group.
Edit/delete SSO keys
Click on the "︙" icon > select "Edit" or "Delete."
*For more details on items to edit, refer to Register SSO key.

Use LDAP
LDAP integration with external systems is available.
*For more details, refer to Use LDAP.