<aside>

iorad Admins

Invite team member

Set your Tutorial Branding

Set Tutorial Privacy

Set iorad SSO

Set tutorial Layout preferences

User type - Roles & Access

Tutorial Categorization governance

iorad Creators

iorad High level onboarding Demo

Creating tutorials - ‘how-to’ guides

iorad Resources

‣

https://blog.iorad.com/extension-technicaldoc

iorad InfoSec packet (external)

Industry insights, best practices

</aside>

🔐 Single Sign-On (SSO) Configuration and Settings

Purpose: Gives your team friction-free access, improves security, and sets a clean foundation for capturing learner analytics (if applicable)

What you’ll need:

• Identity provider details (Okta, Azure AD, Google Workspace, etc.)
• Admin access to both systems OR provide IT with temporary Admin license to iorad for set up
• Metadata/connection information provided by your IT team

Process:

• Help Enabling SSO within iorad - overview of setting up SSO configuration; includes tutorials for specific SSO vendors
• Enable SAML SSO - this tutorial walks through what information is needed to set up the vendor config, as well as the many iorad-specific settings available; includes our most recommended iorad configuration
• Setting up Azure Active Directory SSO
• Setting up Auth0
• Setting up Google SSO
• Setting up Okta SSO

Overview

This guide explains how to configure iorad's Single Sign-On (SSO), tutorial privacy settings, and access controls to enable internal learner tracking analytics while maintaining secure and private external viewing of just-in-time content.

By properly configuring these settings, you can:

• Track learner-level analytics for internal employees
• Maintain secure, controlled access to tutorial content
• Enable external viewers (customers, vendors) to access content when needed
• Deploy just-in-time learning via the iorad browser extension

Key Concepts

Single Sign-On (SSO)

SSO enables seamless authentication for your organization's users and is essential for capturing learner-level analytics. iorad supports SAML-based SSO integration with identity providers like Google Workspace, Okta, and Azure AD.

You can find a full list of the SAML SSO providers we support here:

Enabling SSO within iorad

Tutorial Privacy Settings

Tutorial privacy controls who can view your content. Available options include:

• Public: Anyone can view the tutorial without logging in, and search engines can crawl and index the content.
• Unlisted: Anyone with the direct link can view the tutorial, but search engines won't crawl or index it.
• Embed Only: Can only be viewed when embedded in authorized domains
• Invite Only: Only users who have been specifically invited by email or whose email domain has been granted access can view the tutorial.

Access Settings

Access settings determine which users can view tutorials:

• Domain View Access: Grant access to all users with a specific email domain
• Individual Invitations: Invite specific users by email
• Force SAML Sign-in: Require authentication to capture learner analytics

Just-in-Time Learning Delivery

iorad enables just-in-time learning through two primary delivery methods:

• iorad Browser Extension: A browser plugin (available for Chrome, Firefox, and Edge) that learners install and log into. When logged in, the extension displays available tutorials contextually within the applications they're using, providing on-demand help exactly when needed.
• iorad Widget: An embeddable code snippet that can be added to any website or web application. Once embedded, the widget displays the iorad help icon and tutorial library directly on the site, enabling just-in-time learning for users without requiring them to install a browser extension.

Both methods support the same analytics tracking capabilities when learners are authenticated via SSO.

Configuration for Internal Learner Analytics Tracking

Step 1: Configure SAML SSO

Requirements: SSO is available on Team and Enterprise plans

Configuration steps:

1. Access SAML configuration in your iorad admin dashboard
2. Enter your Identity Provider (IdP) information into the Vendor Config section
3. Critical: Select "Force all domain users to sign-in using SAML" to enable learner-level analytics tracking
4. Test the authentication flow to ensure it works correctly

💡A full walkthrough of enabling SAML SSO in iorad

Step 2: Configure iorad SSO Settings

Recommended settings when using “Force all domain users to sign-in using SAML” for internal learner tracking:

• Disable tutorial creation: This removes creator tools from the extension for non-authorized users and prevents SAML-logged users from creating content unless they're designated team creators
• Show iorad learner help icon: Displays the "?" icon in the bottom right corner of websites with available tutorials
• Do NOT enable "Show team tutorials": This setting automatically gives view access to ALL team tutorials for SAML users. Instead, use Domain View Access at the tutorial level for more granular control

💡View our recommended iorad SSO settings configuration

Step 3: Set Tutorial Privacy to Invite Only

For content that should be only viewed by internal learners with the same email domain:

1. Create or select your tutorial
2. Set tutorial privacy to Invite Only
3. Click "Invite" on the right side of Privacy settings
4. Click Domain View Access
5. Add your organization's email domain (e.g., company.com)

This configuration ensures that:

• Users must log in via SSO to view content
• Learner-level analytics are captured automatically
• Content remains secure and not publicly accessible

Step 4: Deploy the Browser Extension

For just-in-time learning experiences:

• Distribute the iorad browser extension (Chrome, Firefox, or Edge) to all learners
• Ensure learners log in to the extension using their SSO credentials
• Important: Learners must be logged into the extension for tutorial content to appear in the library

Configuration for External Viewer Access

Scenario: Internal + External Viewers with Different Domains

When you need to track internal learner analytics but also allow external viewers (customers, vendors, partners) to access content:

Duplicate Tutorials for Different Privacy Levels

Recommended approach when you need to track internal learner analytics, and external viewers can have anonymous access:

1. Keep the original tutorial set to Invite Only with Domain View Access for internal learners
2. Duplicate the tutorial for external use
3. Set the duplicated tutorial to Unlisted or Embed Only, if accessed via a specific domain
4. Share the duplicate with external viewers

Result:

• Internal learners: Full analytics tracking via SSO
• External viewers: Can access content without creating accounts, but analytics will be anonymous

Most Secure Configuration Summary

For Internal Learner Tracking

| --- | --- | --- |

For Secure External Viewing

| --- | --- | --- | --- |

Important Considerations and Limitations

SSO and Analytics Requirements

• In order for iorad to track specific learner analytics, a learner must have an iorad account created and must be logged in
• SSO enablement is available on Team and Enterprise plans only
• Pre-provisioning accounts before first login is not currently supported via SSO or SCIM

Subdomain and Vendor Access

• SSO can be configured to allow a primary domain and multiple subdomains

Tutorial vs Library Privacy

• Library privacy and tutorial privacy work together to control access
• If Library is set to Invite Only but tutorials are Unlisted, users still need Library access to see content