FAQ: New Identity server (IDS)

The identity provider controls who can log into your Kallidus products and what features they will see when logged in. We are in the process of upgrading to the latest and most secure version of the identity provider, so you can continue to benefit from the very latest technology and the smoothest login journey for your people.

Not sure which identity provider you're using? Follow these steps to find out which Identity provider you're using. 

Multi-factor authentication (MFA) can be configured in your site

Multi-factor authentication streamlines the log-in process for your people and offers extra security.

Self-registration can be configured in your site

When configured, learners can self-register in your Learn LMS without waiting to be added manually by the admin team, or by an automated People data-feed.

The process for manually adding users is different with IDS

You’ll still be able to add one-off Users and multiple Users via a spreadsheet import. Take a look at the below articles for more detail(link to articles)

• How to manually add a User to Learn (with IDS)
• How to import Users to Learn (IDS)

The process for changing a Users password is different for IDS

You’ll still be able to change a Users password, it will just happen in a different place

IDS is the first step towards getting all new reporting and analytics with Power BI

We’re developing all new reporting and analytics with Power BI, and to get access to the new reports, you’ll first need to move to IDS.

Your Customer Experience Manager will contact you to discuss the move to Power BI. In the meantime, take a look at the Reporting and analytics FAQ, and view the New Knowledgebase area for more detail.

Sites with IDS can have multiple SSO providers

If your population uses more than one SSO provider then you can allow this to be setup. Your users will be routed to a login page where they can choose the right SSO option for them.

This upgrade will improve the login process, as only one set of credentials will be required, where two credentials are required now. Sapling will also then appear in the Top Navigation Bar, making it easier to navigate between multiple Kallidus products.

We will continue to support your current authentication methods and these will be upgraded and supported as now. If you use SSO, then you will need to configure new Single Sign-on (SSO) configuration information before upgrading. This article describes how to do this.

The even better news is that it provides the platform for us to roll out new and exciting modern authentication features, so keep your eyes open for upcoming news on this!

No. For those people who use a username/password then this will remain the same.  People will be able to login using the same credentials as before.   

If you use more than one Kallidus product, you will only need to use one set of username and passwords to log into the Kallidus products moving forward. Once the upgrade has happened, your people can log in with the password they previously used to log into Learn/Perform/Recruit or that they used for Sapling. 

This will be the only password used for logging into all Kallidus products from that point forward. i.e. the same username/password will work for all Kallidus products once the upgrade has happened.

IDS does require stronger, more secure passwords, so any Users with a password that falls below the minimum complexity requirements will prompted to change it for a more secure password. This will happen automatically when they log in with their current password. 

The options are:

• Username/Password only: If all users exclusively use username and password for login, the login page will automatically display the username and password fields
• SSO only: If all users login exclusively with SSO, the option to log in with username and password can be disabled
• Mixed login methods: If some users log in with Single Sign-On (SSO) and others use a username and password, the login page can be configured to appear, allowing users to choose their preferred login method

SSO only information. Follow these steps to force the login page to appear (if otherwise, it might be hidden):

1. Select the ‘Manage users’ tab (this is only visible post-upgrade) 
2. Go to ‘settings’
3. Switch on the first toggle 'Allow log in using email/username and password'. 

Your learners are unlikely to notice any change. If learners login with a username and password (rather than SSO) then they will still go to a login page. This page will look slightly different but will still allow them to login as usual.

From an admin perspective, the large chunks of admin will be the same. However, you will see a new area entitled 'Manage users'. This will allow you to add Users (if needed) and change passwords if somebody has forgotten theirs.

If you manually import Users into Learn then you will also experience a change in the way this occurs.  This does not impact your 'feed' into Learn but our manual import has been improved.  You can find out more about this here.  

When your site moves to IDS, records of previous sign-ins will no longer be available. If you would like to keep a record of sign in activity prior to upgrading to IDS, we recommend exporting the data in the 'Monthly statistics report' to an Excel spreadsheet for future reference. 

We will contact you with the information about your upgrade timeline. If you are unsure, please speak to your Customer Experience Manager (CEM) in the first instance. Your site will be unavailable for around 5 minutes from the start of your upgrade time. We'll outline this in our communications with you. 

There are two options here:

1.  Use our self service upgrade page. This gives you control over your upgrade and when it occurs. We are contacting customers in groups to make this self service upgrade page available.  We recommend getting your IT team involved from the start of the process.

2.  Having a meeting with Kallidus about your upgrade.  Please discuss this with your Customer Experience Manager (CEM) if you would like for this to happen.  

As part of your upgrade, you will start to use the new Manage users area. This area allows users to see all people within your system. They will see all records. These records include names, usernames and email addresses.

Once you have upgraded, you can give people access to the Manage Users tab. Only the person we contacted about your upgrade will have initial access.

 

The upgrade only takes a few minutes to move over. Your site will 'blip' to downtime for a few minutes before being fully available again. We will arrange this to be at a quiet part of the day. As such, we do not recommend you advise your users on this occasion. 

Important: If your Users use a '/external' link, this will continue to work post-upgrade. 

 

• We allow 5 incorrect username/password attempts
• On the sixth incorrect attempt, the User will be locked out for 5 minutes
• After 5 minutes the User can try again
• No administrator intervention is required

We will support all the Single Sign-on (SSO) types we currently support. So, if your SSO currently works then you can expect this to be compatible post upgrade. In addition, we can now support any SSO product which is underpinned by one of these protocols:  

• SAML 2
• OIDC
• WS-Federation

Yes.

We are moving to a more standard and secure password recovery where you enter your email address to recover your password. Questions and answers will no longer be part of this process.