Introduction
Why?
With Single sign-on (abbreviated to SSO), you as a user no longer have to remember a different password for each application. You log in once to your workstation and are then automatically given access to the Coachview training portal: you do not have to log in each time, and the portal's login screen is no longer displayed.

There are 2 methods for integrating SSO.
Method 1 (preferred):
Via 'Idp-initiated Single Sign-on' from your own 'Identity Provider'. From there, a signed SAML request is sent to the Idp via http-post. If you are logged in and authorised on your side (the Idp), the Idp sends back a signed SAML response containing a (possibly encrypted) assertion in which at least the "Name Id" claim is filled. Coachview checks the signature and whether the "Name Id" claim contains the unique (external) Id that is registered for the person. You are then automatically logged into the training portal.
Method 2:

You log in via Single Sign-on from the login page of the training portal, i.e. you browse to https://<client name>.opleidingsportaal.nl.

This is also known as service provider-initiated Single Sign-on.

Note: In most cases this login screen is no longer displayed; you are redirected and/or logged in immediately.

What does it take?
  1. An Idp (identity provider) that supports SAML 2.0 (via http post) and on which a trust can be configured (e.g. Microsoft Active Directory Federation Services (ADFS)).
  2. Unique identifier: this must be filled with the unique identifier that we also use in Coachview for the unique identification of persons (ExternalId of the person). Note: if there is a CRM (companies and persons) import, the same identifier must be used there as for Single sign-on.
  3. ICT expertise and a network/system administrator on your side who can configure your Idp.



Important terms:
  1. Identity Provider (Idp): set up by you; a trusted party that creates a digital identity and provides it to an individual.
  2. Service Provider (SP): Coachview, the system you want access to.
  3. SAML 2.0: Security Assertion Markup Language, the standard used to securely exchange messages between the Idp and the SP.

What do we need from you?
Two possibilities:
  1. The metadata URL of your Idp, for example for Microsoft ADFS: https://klantnaamt/federationmetadata/2007-06/federationmetadata.xml.
  2. Or the settings entityID, Idp service URL and the (base64) certificate that is used to sign the response.

Note: If your certificate expires and is replaced, the new certificate must be delivered to the Coachview helpdesk in time. The certificate is not replaced automatically.

One claim type "Name ID". This must be filled with the unique identifier (ExternalId of the person), which is used in Coachview for the unique identification of persons.

The secure hash algorithm sha-1 or sha-256 (preferred) is used to verify the signature.

Can the person automatically log into the training portal? Yes or No.

Should it still be possible to log in via username and password? Yes or No.

Does your certificate need to be assessed for validity? If so, the certificate must be valid and trusted (no self-signed certificate, but one issued by a trusted certificate authority).
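The items above (the Idp metadata or the entityID / service URL / base64 certificate, the "Name ID" claim, and the hash algorithm behind the signature) can be sanity-checked offline before they are handed over. The script below is an added example, not part of this page or of Coachview's software. It reads an Idp metadata document and a SAML response, both constructed samples whose entityID, URLs and certificate bytes are placeholders, and reports the entityID, the http-post sign-on URL, the signing certificate in whitespace-free base64 form, which hash the signature algorithm uses, and whether the assertion carries a filled Name ID. It does not verify the signature itself; that remains the service provider's job, using the certificate you supplied.

```python
# Added example (not Coachview's code): offline checks on the SAML artefacts this
# page asks for. All XML below is constructed; entityID, URLs and certificate
# bytes are placeholders, not a real Idp.
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# XML-DSig signature algorithm URIs grouped by the hash they use.
SHA256_ALGS = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"}
SHA1_ALGS = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1"}


def parse_idp_metadata(xml_text):
    """Extract the settings Coachview asks for: entityID, http-post SSO URL, signing cert."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso_url = None
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == HTTP_POST:  # the page's method uses http-post
            sso_url = sso.get("Location")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())  # strip PEM-style line wrapping
            try:
                base64.b64decode(b64, validate=True)
            except binascii.Error:
                raise ValueError("signing certificate is not valid base64")
            certs.append(b64)
    if sso_url is None or not certs:
        raise ValueError("metadata lacks an http-post SSO endpoint or a signing certificate")
    return {"entity_id": root.get("entityID"), "sso_url": sso_url, "signing_certs": certs}


def inspect_saml_response(xml_text):
    """Report what the SP looks at before trusting a Response (no signature verification here)."""
    result = {"signed": False, "hash": None, "name_id": None, "problems": []}
    root = ET.fromstring(xml_text)
    method = root.find(".//ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        result["problems"].append("response carries no XML signature")
    else:
        result["signed"] = True
        alg = method.get("Algorithm")
        if alg in SHA256_ALGS:
            result["hash"] = "sha-256"
        elif alg in SHA1_ALGS:
            result["hash"] = "sha-1"
            result["problems"].append("signature uses sha-1; sha-256 is preferred")
        else:
            result["problems"].append("unknown signature algorithm %s" % alg)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        if root.find("saml:EncryptedAssertion", NS) is not None:
            result["problems"].append("assertion is encrypted; decrypt before checking Name ID")
        else:
            result["problems"].append("response has no assertion")
    else:
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        if name_id is None or not (name_id.text or "").strip():
            result["problems"].append("Name ID missing or empty; cannot match the ExternalId")
        else:
            result["name_id"] = name_id.text.strip()
    return result


# Constructed sample metadata; the certificate value is a placeholder, not real DER.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.customer.example/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        TUlJQ2V4YW1wbGU=
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.customer.example/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample response signed with sha-1, the page's not-recommended option.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo><ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>EMP-00042</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA))
    print(inspect_saml_response(SAMPLE_RESPONSE))
```

Run against your own federation metadata, the first function gives you exactly the three settings of possibility 2 above, and the base64 value it returns is the form in which the signing certificate can be handed over; when that certificate is rotated, the script will show the new value, which is the moment to notify the helpdesk, since nothing on the Coachview side picks it up by itself. The second function, run on a response captured from your own test login, shows whether the Idp is still signing with sha-1 and whether the Name ID is actually populated with the ExternalId.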



Step-by-step plan

Each step lists who carries it out (you or Coachview).

  1. Provide the required data; see "What do we need from you?".
     Who: You.
  2. Creation of the training portal.
     Who: Coachview.
  3. Activate the SAML2 authentication provider and configure the settings in Coachview.
     Who: Coachview.
  4. Set up the Idp once the training portal has been created. The metadata of the training portal (service provider) is displayed; this can be used to (automatically) configure your Idp, for example Microsoft Active Directory Federation Services (ADFS).
     Who: You.
  5. Set the claim type. This must be filled with the unique identifier (ExternalId of the person), which is used in Coachview for the unique identification of persons.
     Who: You.
  6. Choose the secure hash algorithm used to verify the signature: sha-256 (recommended) or sha-1 (not recommended).
     Who: You.
  7. Decide how you are going to give persons access to your training portal. You have 3 methods for this.
     Method 1: Automatic actions in Coachview, for example enrolling in a training course (the person only gets access to the training portal after being registered) or creating a person with an ExternalId.
     Method 2: Creation in the portal as a user the first time the person is authenticated via SSO in the training portal. Set up in the training portal, or the person needs to be created/changed in Coachview. In the case of an HRM link, this is standard NO. Parameter "Create user".
     Method 3: Manual creation from Coachview.
     Who: Coachview.
  8. Creation of 1 test person to check SSO.
     Who: You and Coachview.
  9. If the import 'Companies and Persons' is used: check for the ExternalID. Note: if there is an error in this import, it is difficult to correct.
     Who: Coachview.
  10. Import 'Companies and Persons'.
  11. Final check.
     Who: You and Coachview.