User manual

Integrations

Introduction

The Integrations page serves for managing various integrations. From this page, you can view and manage available integrations, configure and access their features. The page can be accessed from the System panel in the left side menu.
On the Integrations page you will find these tabs:
1. Single sign-on - Set up an authentication scheme allowing users to log in with an external system's ID.
2. Webex settings - Configure the Webex integration and authenticate the Webex hosting account.
3. LRS settings - Set up automated sending test results to your Learning Record Store (LRS) and enable efficient progress tracking.
4. Active directory - Integrate YouTestMe seamlessly with Azure Active Directory using the OpenID Connect (OIDC) protocol to streamline user authentication processes. This integration empowers organizations to ensure secure and unified login experiences across various applications.
5. Proctoring settings - Configure parameters of proctoring service.
6. Proctorio settings - Configure parameters of Proctorio proctoring service.
7. E-commerce - Connect the system with a Stripe account.
8. LTI settings - Set up LTI integrations with external applications.
9. OpenID settings - Set up an authentication and authorization scheme allowing users to log in with an external system's ID.
10. Web API settings - Used to programmatically access the data from the YouTestMe application and store it in an external database or display it in another system.
11. REST API settings - See the REST API module details.
12. Greenhouse integration - Enable and setup the integration with Greenhouse.
Integrations
1. Single sign-on
  
  GetCertified can function as a Service Provider using the SAML 2.0 protocol, facilitating the exchange of authorization data with an Identity Provider. GetCertified is compatible with a range of Identity Providers, such as OneLogin, Okta, SSO Circle, and numerous others. With SAML 2.0-based Single Sign-on (SSO), you can configure multiple identity providers concurrently. Setting up SSO involves creating an SSO configuration and specifying the parameters of the identity provider. Each SSO configuration you establish includes an assertion consumer service endpoint responsible for handling the SAML response.
  
  On this tab, you can view all existing Single Sign-on configurations displayed in the table, including their names, descriptions, statuses, and available actions. Additionally, you can perform the following actions:
  1. Create new SSO configuration.
  2. Edit an existing SSO configuration.
  3. Delete an SSO configuration.
  1. Click the Create new button, and a pop-up window will appear where you can enter the parameters of the new SSO configuration.
  2. Enter the Name of the SSO configuration. The name must be unique for each SSO configuration since it identifies the SSO configuration.
  3. Optionally enter the Description of the SSO configuration.
  4. Choose the Status of the SSO configuration. If the status is Enabled, users will be able to log in with the identity provider specified in the configuration. Otherwise, they will not be able to do so.
  5. Go to the Okta app and log in. Then, navigate to the Applications tab and choose the Applications option from the drop-down menu.
  6. Click the Create App Integration button.
  7. Choose the SAML 2.0 option.
  8. Click the Next button.
  9. When the creation window appears, add App name - application URL.
  10. Click the Next button.
  11. Service provider Entity ID - The value represents the service provider's identifier. To easily copy the provided Service provider Entity ID URL from the GetCertified application for configuration with Okta, click the Copy to clipboard icon.
  12. Paste it to the Audience URI (SP Entity ID) field in Okta.
  13. Assertion consumer service URL - The field's value represents the end-point URL, where the SAML response from the identity provider will be returned. To easily copy the provided Assertion consumer service URL from the GetCertified application for configuration with Okta, click the Copy to clipboard icon.
  14. Paste it to the Single sign-on URL field in Okta.
  15. Add the Attribute statements from the example picture below to Okta.
  16. Use Attribute statements in the GetCertified application. (For an example, see the picture below).
  17. When you add Attribute statements in the GetCertified application, click the Next button in Okta.
  18. The next step in Okta is the last one. Choose the second option: I’m a software vendor. I’d like to integrate my app with Okta.
  19. Click the Finish button.
  20. After finishing, navigate to the SAML Certificates below the page.
  21. Click the Actions, and choose View IdP metadata for additional data, which has a status of Active.
  22. The XML file should open in a new tab, and you should copy the following marked information one by one from the file in the GetCertified application.
    
    EntityID.
    
    X509Certificate.
    
    Location.
  23. Paste the copied information to the following:
    
    Enter the Identity provider Entity ID, the identifier of the provider entity.
    
    Enter the Single sign-on service URL.
    
    Enter the Certificate, the public x509 certificate of the identity provider.
  24. Ensure that the Assertion consumer service binding is set on the HTTP-POST.
  25. Ensure that the Single sign-on service binding is set on the HTTP-POST.
  26. Click the Save button.
2. Webex settings
  
  Webex settings enable seamless integration and efficient proctoring for instructors and candidates, which involves authenticating the Webex hosting account.
  
  To set up the Webex integration, the first step is to register if you don't have an account or log in if you already have an account on the Webex for Developers application.
  
  Once logged into the app, click on your profile icon and select My Webex Apps.
  
  Click the Create a New App button.
  
  Click the Create an Integration button.
  1. Enter Integration name.
  2. Choose Icon.
  3. Enter App Hub Description.
  4. Enter Redirect URl(s). Copy the Redirect URI parameter from the Webex settings tab within the GetCertified Application and paste it here.
  5. Select all meetings Scopes.
  6. Click the Add integration button.
  1. Copy the Client ID from the Webex for Developers application and paste it into the Webex settings tab within the GetCertified Application.
  2. Copy the Client Secret from the Webex for Developers application and paste it into the Webex settings tab within the GetCertified Application.
  3. Redirect URI - Used to copy this parameter and paste it on the Webex for Developers application.
  4. Click the Save button.
  5. Click on the Get token button, and you will be redirected to the Webex page, where you should log in again with the hosting Webex account.
  6. Once you are logged in, click the Accept button.
3. LRS settings
  
  LRS integration with GetCertified ensures that the test results sending process goes successfully.
  1. Uploading all the results candidates made on the test.
  2. Making the test results available as the statements recorded by LRS.
  The LRS settings assure the manager of a test to send each candidate's test results into the LRS system and track each candidate's success. The explanation is just an example of the SCORM Cloud integration with GetCertified. You can use any other Learning Record Store that supports Tin Can API (xAPI).
  Before you start configuring LRS parameters in the Integrations, you need to log in to the LRS system.
  
  To set up your LRS parameters, visit the SCORM Cloud link and create an account if you don't already have one.
  1. Enter your email.
  2. Enter password.
  3. Click the Submit button.
  1. When you log in to the SCORM Cloud, open the xAPI LRS tab.
  2. Click the LRS Endpoints tab.
  3. Copy the Initial Application Realm URL.
  4. Paste it to the GetCertified application into the API endpoint field.
  1. When you set the API endpoint, click the Activity Provider tab.
  2. Copy the created key.
  3. Copy the created secret key.
  4. Paste it to the GetCertified application into the API key and API secret key fields.
  5. When entering all configuration data, save the changes by clicking the Confirm button.
  1. Select the Testing center/Candidates /Test attempts tab.
  2. Select the desired test and session.
  3. Select on the Data transfer option and choose Send test results to LRS.
  1. Click the xAPI LRS tab in the main menu.
  2. Open the LRS Viewer tab.
  3. Choose the right endpoint from the drop-down menu (the one we used for integration).
  4. Click the Refresh button.
  5. The list of information about which questions the candidate has answered and that the candidate has completed the test should appear.
4. Active directory
  
  Active directory integration offers a robust solution for managing user authentication and access control within your network infrastructure. By seamlessly connecting YouTestMe to Azure Active Directory through the OpenID Connect (OIDC) protocol, organizations can streamline user authentication processes and ensure secure, unified login experiences across applications. Additionally, synchronization with LDAP directories simplifies user management by maintaining accurate user profiles and enabling efficient authentication within YouTestMe.
  
  To enable user syncing configure integration, fill in the following fields:
  1. LDAP Server - The LDAP (Lightweight Directory Access Protocol) server hosts the directory service where user information is stored. This information is essential for authenticating users and managing access to resources within the network.
  2. Search Base - The search base specifies the starting point in the directory hierarchy where searches for user information will begin. It helps narrow the search scope and ensures efficient retrieval of relevant data.
  3. Search Filter - The search filter defines the criteria for searching for specific user entries within the directory service. It allows administrators to customize the search based on attributes such as usernames, group memberships, or organizational units.
  4. Service Account - The service account is a dedicated user account with permissions to access the directory service and perform necessary operations, such as querying user data. The integration system typically uses this account to authenticate and retrieve user information.
  5. Password - The password is the authentication credential associated with the Service Account. It is required to authenticate the Service Account and establish a secure connection with the LDAP Server for user synchronization and management tasks.
  Please visit this page for more detailed instructions on enabling user syncing and configuring integration with Microsoft Active Directory.
5. Proctoring settings
  
  The GetCertified AI proctoring solution provides a completely secure and transparent exam delivery and test-taking process. Upon activation, you will be provided with all the parameters for configuring the Proctoring service. If you request the Proctoring service before the application delivery, all settings will already be configured.
  
  Note: Proctoring service can be enabled upon request. For more information, contact the YouTestMe team at sales@youtestme.com.
  1. Configure Server settings.
  2. Preview the existing proctoring configurations.
  1. Enter the Proctoring server URL. This parameter represents the web address of the Proctoring server and will be provided by YouTestMe (e.g., https://demo.proctoring.com).
  2. Enter the Secret key provided by YouTestMe. Secret key is used for authenticating JWT and will be sent to the Proctoring server.
  3. Enter the Session template name. This parameter represents the name of the Proctoring session template created in the Proctoring application. The session template specifies the settings and metrics for the Proctoring session. Enter the default for the default session template.
  4. Use the API address of your server to receive proctoring results for each completed test. This API address is provided by YouTestMe and usually consists of a combination of the URL address of the GetCertified application and one of the endpoints (/proctoringResultsNew, /proctoringResults) of the Proctoring service. This address represents the server where the proctoring results will be sent. To easily copy the API address to the clipboard, click the Copy to clipboard icon.
  5. Use the Guest equipment check URL provided by YouTestMe. At this link, the user can check the equipment for a proctored test without signing in to the system. The link is a parameter of the email notifications and can be sent or shared with users to check their equipment without signing in to the system.
  6. Use the Equipment check URL provided by YouTestMe. At this link, the user can check the equipment for a proctored test but must be signed in to the system. The link is available on the Assignments page.
  7. Click the Confirm button if you want to save the Proctoring configuration.
  1. Add new configurations. Click the Create new button to initiate the creation of a new Proctoring configuration. A new pop-up window will appear, allowing you to enter the necessary parameters for the configuration.
  2. Preview or edit the existing configurations. Click the Edit button to preview or edit an existing Proctoring configuration. A new pop-up window will open, displaying the configuration parameters you can preview or edit as needed.
  3. Delete existing configurations. Click the Delete button if you wish to remove a Proctoring configuration. Confirm the deletion when prompted to delete the configuration permanently.
  1. Enter the Name of the Proctoring configuration.
  2. Optionally enter the Description of the Proctoring configuration.
  3. Choose the Status of the Proctoring configuration. If the status is Enabled, the configuration can be used, otherwise not.
  4. Enter the Session template name. This parameter represents the name of the Proctoring session template created in the Proctoring application. The session template specifies the settings and metrics for the Proctoring session. When creating a new configuration, the default value is equal to the Session template in Server settings.
  5. Use the API address of your server to receive proctoring results for each completed test. This API address is provided by YouTestMe and usually consists of a combination of the URL address of the GetCertified application and one of the endpoints (/proctoringResultsNew, /proctoringResults) of the Proctoring service. This address represents the server where the proctoring results will be sent. To easily copy the API address to the clipboard, click the Copy to clipboard icon.
  6. Use the Guest equipment check URL provided by YouTestMe. At this link, the user can check the equipment for a proctored test without signing in to the system. The link is a parameter of the email notifications and can be sent or shared with users to check their equipment without signing in to the system.
  7. Use the Equipment check URL provided by YouTestMe. At this link, the user can check the equipment for a proctored test but must be signed in to the system. The link is available on the Assignments page.
  8. Click the Save button to save the Proctoring configuration.
6. Proctorio settings
  
  Proctorio is an automated proctoring tool integrated with the GetCertified application. This integration ensures the total learning integrity of every assessment using state-of-the-art technology. It eliminates human error, bias, and much of the expense associated with remote proctoring and identity verification. The system automatically monitors the test attempt using behavioral trackers and records the entire process, marking the moments of suspicious behaviors. Once the exam is finished, the system stores the footage for subsequent human review and validation. Upon the activation, you will be provided with the necessary parameters to configure the integration with Proctorio.
  
  Note: Proctorio service can be enabled upon request. For more information, contact the YouTestMe team at sales@youtestme.com.
  1. Configure Server settings.
  2. Preview the existing proctorio configurations.
  1. Enter the API endpoint. This parameter represents the URL of the Proctorio API endpoint to create exam URLs.
  2. Enter the Secret key provided by GetCertified or Proctorio.
  3. Enter the Consumer key provided by GetCertified or Proctorio.
  4. Choose the Exam settings from the dropdown menu. Exam settings enable you to choose the Proctorio features you want to add and control during the proctoring session.
  5. Click the Confirm button if you want to save the Proctorio integration settings.
  1. Add new configurations. Click the Create new button to initiate the creation of a new Proctorio configuration. A new pop-up window will appear, allowing you to enter the necessary parameters for the configuration.
  2. Preview or edit the existing configurations. Click the Edit button to preview or edit an existing Proctorio configuration. A new pop-up window will open, displaying the configuration parameters you can preview or edit as needed.
  3. Delete existing configurations. Click the Delete button if you wish to remove a Proctorio configuration. Confirm the deletion when prompted to delete the configuration permanently.
  1. Enter the Name of the Proctorio configuration.
  2. Optionally enter the Description of the Proctorio configuration.
  3. Choose the Status of the Proctorio configuration. If the status is Enabled, the configuration can be used, otherwise not.
  4. Choose the Exam settings from the dropdown menu. Exam settings enable you to choose the Proctorio features you want to add and control during the proctoring session. When creating a new configuration, the default value is equal to the Exam settings in Server settings.
  5. Click the Save button to save the Proctorio configuration.
7. E-commerce
  
  The E-commerce functionality on GetCertified, allows you to handle payments for registration fees and course and session enrollments using Stripe as the payment gateway.
  
  Note: E-commerce feature can be enabled upon request. For more information, contact the YouTestMe team at sales@youtestme.com.
  
  On the E-commerce tab, you can set the prices for exam booking and training courses.
  
  To set up E-commerce, you must have a Stripe account and connect it with GetCertified.
  1. Log in to the existing Stripe account.
  2. Or, create a new account by clicking the Sign up option. For instructions on creating a new Stripe account, visit Creating a Stripe account chapter from the article.
  3. Once you log in to the Stripe, click the Developers tab.
  4. Open API Keys tab.
  5. On that tab, you will see Publishable key and Secret key. Those keys will be used to connect your Stripe account with the GetCertified application.
  6. To display the Secret key, click the Reveal test key button.
  7. Enter the Pop-up title. This title will be displayed when entering a payment card by the candidate.
  8. Enter the Pop-up description. This text will be displayed when entering a payment card by the candidate.
  9. Enter the Pop-up icon. This text will be displayed when entering a payment card by the candidate.
  10. Enter Stripe account ID from the Stripe application.
  11. Enter the Publishable key from the Stripe application.
  12. Enter the Secret key from the Stripe application.
  1. Enable setting custom price of testing session enrollment – Indicates if test managers can specify a custom price for session enrollment.
  2. Click the Add price option.
  3. Enter the Price and choose the price Currency.
  4. Remove the price by clicking on the Delete option.
  1. Enable setting custom price of training course enrollment – Indicates if training course managers can specify a custom price for training course enrollment.
  2. Click the Add price option.
  3. Enter the Price and choose the price Currency.
  4. Remove the price by clicking on the Delete option.
8. LTI settings
  
  To connect an external application (LTI tool consumer) with GetCertified, you can configure GetCertified as an LTI Tool provider by creating an LTI configuration. LTI is the standard for linking learning tools with platforms like learning management systems. Through this setup, users from the external application can seamlessly access GetCertified tests and receive the results back within the LTI tool consumer interface. The entire process begins within the GetCertified application, ensuring smooth integration and data exchange between both systems.
  1. You can add a new configuration by clicking the Create new button, which initiates the creation of a new LTI configuration. This action opens a pop-up dialog.
  2. Click the Edit button to preview or edit existing configurations. This action opens a new pop-up dialog where you can review and modify the configuration parameters according to your requirements.
  3. To delete existing configurations, click the Delet button associated with the configuration you wish to remove. Upon clicking, you will be prompted to confirm the deletion, ensuring you intend to delete the configuration permanently.
  1. Enter the Name of the LTI configuration. The name must be unique for each LTI configuration.
  2. Optionally enter the Description of the LTI configuration.
  3. Choose the Status of the LTI configuration. If the status is Enabled,the configuration can be used for LTI Launch from the LTI Tool consumer. Otherwise, not.
  4. The Role code attribute is used to specify the role code corresponding to the role that will be assigned to users accessing the application via LTI. You can use the role code from the relevant role in the Roles and Permissions tab.
    
    Note: If this field is left blank, user role assignment follows these rules: If a role code is not set here, the system will use the role defined in the external system attempting to access our application via LTI. If no role is defined there either, the default role Student will be assigned.
  5. Click the Save button to save the LTI configuration. The Edit dialog will appear where you can see and update the parameters of the LTI configuration.
  1. Enter the Name of the LTI configuration. The name must be unique for each LTI configuration.
  2. Optionally enter the Description of the LTI configuration.
  3. Choose the Status of the LTI configuration. If the status is Enabled, the configuration can be used for LTI Launch from the LTI Tool consumer. Otherwise not.
  4. The Role code attribute is used to specify the role code corresponding to the role that will be assigned to users accessing the application via LTI. You can use the role code from the relevant role in the Roles and Permissions tab.
    
    Note: If this field is left blank, user role assignment follows these rules: If a role code is not set here, the system will use the role defined in the external system attempting to access our application via LTI. If no role is defined there either, the default role Student will be assigned.
  5. Use the provided Consumer key to configure the LTI Tool consumer. It represents the unique ID of the LTI configuration and, together with the provided Secret key, is used to verify the LTI Launch request. The LTI Launch request must contain provided Consumer key value in the oauth_consumer_key parameter. Click the Copy to clipboard icon to copy the Consumer key to the clipboard.
  6. Use the provided Secret key to configure the LTI Tool consumer. It represents the secret key an LTI Tool consumer uses to sign the LTI Launch request and the LTI tool provider GetCertified to verify the signature. Click the Copy to clipboard icon to copy the Secret key to the clipboard.
  7. Use the provided Signature method to configure the LTI Tool consumer. It represents the signature algorithm an LTI Tool consumer must use to sign the LTI Launch request. The LTI Launch request must contain provided Signature method value in the oauth_signature_method parameter. The only supported signature method is HMAC-SHA1.
  8. Use the provided Message URL to configure the LTI Tool consumer. It represents the LTI endpoint where should LTI Tool consumer send the LTI Launch request.
  9. Use the provided LTI version to configure the LTI Tool consumer. It represents the LTI version that an LTI Tool consumer must use to send the LTI Launch request. The only supported version is LTI-1po. Click the Copy to clipboard icon to copy the Message URL to the clipboard.
  10. Click on the Save button to save the LTI configuration.
  The next important step is to create a test. You can check the following link for help with the test creation.
  
  Note: It is important to create active self-enrollment sessions and publish the test to allow test-taking through LMS.
  
  Important information is the Test ID and a Testing session ID since you can set the integration to assign the candidates to the testing session directly or give them access to the test where they can choose in which testing session they want to start the test.
  1. Select Tests/Manage tests tab and open desired test.
  2. Navigate to the Settings/Basic information tab.
  3. The test ID will be displayed in the Test ID field.
  1. Select the Schedule button of the desired test.
  2. In the Testing sessions tab, you'll find a list of all scheduled testing sessions for the selected test.
  3. Locate the Session ID column within the table to find the respective Testing Session ID.
  1. Access the Platform Emulator.
  2. Navigate to the Security Model tab.
  3. In the Message URL field, enter the Message URL text from the GetCertified application.
  4. In the Consumer key field, enter the Consumer key text from the GetCertified application.
  5. In the Shared secret field, enter the Secret key text from the GetCertified application.
  6. Click the Save button on the top left corner.
  1. Navigate to the Message tab.
  2. In the Custom parameters field, enter the test_id=desired_test_id.
  3. Click the Save button.
  1. Navigate to the Message tab.
  2. In the Custom parameters field, enter the testing_session_id=desired_testing_session_id.
  3. Click the Save button.
9. OpenID Settings
  
  GetCertified application can act as a Client in the OpenID Connect Single Sign-on (SSO) protocol, which allows user authentication and authorization by an Identity Provider, for example, Azure AD, Okta, etc. OpenID Connect-based SSO can be configured for multiple Identity Providers simultaneously. You need to create an OpenID configuration and define the parameters of the Identity Provider and the Client (GetCertified application).
  
  Note: As an example, we will use Microsoft Azure as the OpenID Connect Identity Provider. Some basic information regarding the OpenID Connect integration can be found on the following link.
  
  On this tab, you can access a comprehensive table displaying all existing Open ID configurations featuring details such as their names, descriptions, statuses, and available actions. Additionally, you can perform various actions, including:
  1. Click the Create new button to create a new OpenID configuration. A pop-up window will appear, allowing you to input the required parameters.
  2. Click the Edit button to preview or modify an existing OpenID configuration. A pop-up window with the same fields as the one for adding a new configuration will appear, enabling you to change the parameters of the selected OpenID configuration.
  3. Delete existing configurations. Click the Delete button if you wish to remove an Open ID configuration. Confirm the deletion when prompted to delete the configuration permanently.
  1. The Name of the OpenID configuration.
  2. The Description of the OpenID configuration.
  3. The Status of the OpenID configuration. If the status is Enabled, users will be able to log in with the IP specified in the configuration. Otherwise, they will not be able to do so.
  4. The Configuration URL - URL where the configuration of the OpenID IP can be found, for example authorization endpoint URL, token endpoint URL, supported scopes etc. The OpenID IP provides this parameter.
  5. The Client ID - Public identifier for the client (GetCertified application). The OpenID IP provides it when registering the application.
  6. The Client secret - Value the client uses to exchange an authorization code for a token. The OpenID IP provides it when registering the application.
  7. The Scope - Specify what access privileges are requested as part of the authorization.
  8. GetCertified automatically generates the Initiate Login URL parameter in the configuration. This is the URL of the GetCertified endpoint that initiates the sign-in flow upon receiving a request. When the OpenID IP redirects to this endpoint, the client is triggered to send an authorization request. This parameter is optional, and if used, it is copied from the configuration window and pasted to the appropriate field in the app settings on the IP side.
  9. The Callback URL parameter is automatically generated in the configuration by GetCertified. This is the URL of the callback endpoint where the OpenID IP redirects the user's browser and sends security tokens after authentication. On the IP side, this parameter might be referred to as "redirect URI" as well, and you have to copy it from the configuration window and paste it there.
  10. The OpenID provider can send a request to this URL to initiate the logout on the client side when the user logs out. Sending a request to this URL will clear user session data in YouTestMe, and the user will have to log in again to access the application.
  11. Mapping of the Authorization server (IP) claims to the GetCertified user profile attributes. Claims are name/value pairs that contain information about a user. The claims can be sent using the access token, the ID token, or the UserInfo endpoint data. An access token is an authorization in the form of a string given to an application to access a user's protected data. An ID token is a string that contains information about a user and proves that the user has been authenticated. The UserInfo endpoint returns claims about an authenticated user. The mapping from the claims can be specified for each GetCertified user account attribute. When a pop-up window for a new OpenID configuration opens, the default values are set for the most important attributes (username, email, first name, last name, role). These values are only suggestions, and they can be changed. Every value represents a JavaScript expression based on which the corresponding attribute is evaluated
    
    The expression id_token.preferred_username can obtain the Username attribute value (assuming that the preferred_username claim is included in the ID token on the IP side). This means the result of evaluating id_token.preferred_username will be mapped to the Username attribute. A username is a unique identifier for the user, based on which it is determined whether the received claims are used to update an existing one or to create a new user.
    
    user_info.email can be mapped to the Email attribute (assuming that the data sent by the UserInfo endpoint includes the email claim).
    
    As a special case of a JavaScript expression, a constant represented by a string value (surrounded by single or double quotes) can be mapped to an attribute.
    
    Note: Role code attribute is a predefined code – ‘ATT’ which shouldn’t be changed. With that setting, all users that log in using Open ID will get a Student role. If you wish to modify the role mapping, you can utilize the role code from the relevant role in the Roles and Permissions tab to create a new OpenID configuration or update the existing one.
    
    Under Microsoft Azure, you can add claims to be sent in access token/ID token or add a new group of users. For example, we created several groups corresponding to the user roles in our application and assigned users to these groups. We determine the user role based on the group they belong to. The image below shows the groups we created. Every group is identified by its Object Id, which we use in the JavaScript expression for the Role code attribute.
    (id_token.groups.indexOf('4d04909b-724e-40b6-a88b-2a2105dc71f8') !== -1) ? 'ADM'
    (id_token.groups.indexOf('79c0f2bc-6d22-4339-b6e3-c66806c6eee3') !== -1) ? 'INS'
    (id_token.groups.indexOf('efd42294-9ab6-4dff-a885-473ec3e62a09') !== -1) ? 'PRC'
    (id_token.groups.indexOf('c67c9db2-1323-477d-ba4d-a173aec87e52') !== -1) ? 'ATT'
    From the example above, a user who belongs to the Ytm admin group (in IP side) will have an administrator role in GetCertified app, a user who belongs to the GetCertified instructors group, an instructor role, etc.
  12. A new pop-up window opens when clicking the Test attribute mappings button, which tests the mappings between the IP's claims and GetCertified user profile attributes. This allows you to manually define strings in JSON format that simulate data received by the IP and examine the values of user profile attributes for that particular case.
    
    When the pop-up window opens:
    
    Enter a JSON string that simulates the payload of an access_token received by the IP.
    
    Enter a JSON string that simulates the payload of an id_token received by the IP.
    
    Enter a JSON string that simulates the data received as the response to a request to the user_info endpoint of the IP.
    
    The User profile attribute values corresponding to the above IP data are displayed by clicking the Test button.
  1. Enter the Name of the OpenID configuration.
  2. Optionally enter the Description of the OpenID configuration.
  3. Select the Enabled status of the OpenID configuration.
  4. Go to the Overview tab.
  5. Click the Add button and then click the App registration button.
  6. Enter the name of the new registration.
  7. Click the Register button.
  8. When the registration is created, navigate to the Endpoints.
  9. Copy the OpenID Connect metadata document.
  10. Paste the URL into the Configuration URL field in the GetCertified application.
  11. Copy the data from the Application (client) ID field.
  12. Paste it to the Client ID field in the GetCertified application.
  13. Go to the Certificates & secrets tab.
  14. Open the Client secrets tab.
  15. Click the New client secret button.
  16. Enter the Description for this client's secret.
  17. Click the Add button.
  18. Once the Client secret is created, copy the Value.
  19. Paste it to the Client secret field in the GetCertified application.
  20. Go to the API permissions tab.
  21. Click the Add a permission button.
  22. Choose the Microsoft Graph.
  23. Choose the Delegated permission.
  24. Select the OpenId permissions as in the picture below.
  25. Click the Add permissions button.
  26. After you add permissions, it should be displayed as below.
  27. Go to the Token Configuration tab.
  28. Click the Add optional claim button.
  29. Choose the ID option.
  30. Select the Claims as in the picture below.
  31. Click the Add button.
  32. Click the Add groups claim button.
  33. Select group types to include in Access, ID, and SAML tokens, as in the picture below.
  34. Open the ID dropdown, and choose the Group ID option.
  35. Click the Add button.
  36. Username attribute - Copy and paste this value: id_token.preferred_username.
  37. Email attribute - Copy and paste this value: user_info.email.
  38. Enter the Role code attribute. Copy and paste this value: ‘ATT’.
  39. Go to the Authentication tab.
  40. Click the Add a platform button.
  41. Choose the Web option.
  42. Copy and paste the Callback URL from the GetCertified application into Redirects URl.
  43. Click the Configure button.
  44. After adding all the mandatory fields, click the Save button to save the configuration.
10. Web API settings
  
  Web API is used to programmatically access data from the GetCertified application, store it in an external database, or display it in another system.
  1. Web API enabled - To utilize the Web API effectively, ensure it is enabled.
    
    Note: Request to Web API will fail if Web API is not enabled.
  2. Web API key - We recommend using a random and non-guessable string as your API key for enhanced security. Adding this key as a request header "X-Api-Key" will authorize your API requests.
  3. Web API link - Use this link to access the YouTestMe GetCertified REST APIs, which you can integrate into your system. If the link is not working, it may indicate that the API service needs to be activated. Please reach out to the YouTestMe team to request activation of the service. Refer to this article for instructions on using the YouTestMe GetCertified REST API.
  4. Personal report endpoint - This endpoint allows you to retrieve the content of the personal report for a specific attempt by sending an HTTP GET request. Simply replace the "#{attemptId}" part of the link with the actual ID of the attempt you want to retrieve. The content of the personal report will be returned as the body of the HTTP response. You can find the attempt ID in the Attempt ID column of the Candidates table on the test page. Ensure that the attempt has been started, and the test must have a Score and details report setting to download the report.
  1. Click the toggle button to Enable Web API.
  2. Enter your Web API key (e.g., "WEBAPIKEY"). This key will serve as your authorization token for making API requests.
  3. Click the Confirm button.
  4. Download the simple-modify-headers extension for Google Chrome from the Chrome Web Store.
  5. After downloading the extension, click on the extension icon in your browser's toolbar to open the extension and click on Configure button within the extension.
11. REST API settings
  
  With the YouTestMe REST API and Webhooks you can build integrations with other applications using Zapier or Make, or you can develop custom integrations. The REST API settings tab displays the basic API information if the REST API is enabled:
  1. Base API URL - The base URL of the YouTestMe REST API endpoints. For Zapier and Make integration you need this link for the authorization.
  2. REST API documentation - The link to the REST API and Webhooks documentation.
  3. Enabled resources - To forbid/permit the access to the API resources, deselect/select the resources from the dropdown list. API calls to the paths of disabled resources will result with 403 (Forbidden) status response with the proepr error message.
  4. Press Confirm button to save the configuration.
  Before integrating the YouTestMe using the REST API and Webhooks, please review the following useful links:
  1. Exploring YouTestMe REST API documentation – This video demonstrates how to use YouTestMe REST API documentation to explore the API capabilities and try available endpoints. Also, it explains how to log in to REST API with the Basic and JWT Token authorization.
  2. How to Use YouTestMe Webhooks - This video demonstrates how to register to the YouTestMe Webhooks to receive updates about specific events in the YouTestMe application.
  3. YouTestMe integration scenarios and approaches - On this page, you can see the different approaches and scenarios for integrating YouTestMe with other applications, that can help you build your integrations with YouTestMe.
  4. YouTestMe Zapier integration - Explains how to integrate YouTestMe with the applications available on Zapier.
  Note: The REST API is a module from YouTestMe EE edition. To get the REST API module, contact the YouTestMe team at sales@youtestme.com.
  
  If the YouTestMe REST API module is not enabled you will see the warning message in red:
12. Greenhouse integration
  
  YouTestMe has implemented the Greenhouse Assessment Partner API which allows you to seamlessly integrate YouTestMe assessments into your Greenhouse interview workflow. To set up the Greenhouse integration, please follow these steps:
  1. Enable Greenhouse integration to use it. Request to Greenhouse integration endpoints will fail if Greenhouse integration is not enabled.
  2. When you enable the Greenhouse integration the API key is generated and displayed. Provide this key to Greenhouse team to setup the YouTestMe integration. For more information about setting up the integration on the Greenhouse side, visit the following link.
  3. When the integration is set up on the Greenhouse side, Greenhouse team will provide you the credentials for "Mark test as completed" endpoint. After that you can enable the "Notify Greenhouse when the attempt report is completed" to imeadiatly publish attempt results to Greenhouse when the report is completed. You will be required to enter Username and Passsword provided by Greenhouse. If you don't enable this option the results will not be visible immeadiatly
  4. You may allow only the tests with a specific delivery preference to be offered in Greenhouse by selecting the Greenhouse test delivery preference. If you select Any, all tests will be offered. You can label the tests with one of the delivery preferences in the Test wizard or under the Test settings.
  5. Set the time period in which grading attempt link will be valid. When grading attempt link is generated, set time will be calculated from the current time. After the time has passed, link will be invalid. If the 'Unlimited' option is selected, generated link will always be valid.
  6. Press Confirm button to save the configuration.
  Note: For the Greenhouse integration, the REST API module must be enabled. To request REST API access, please contact the YouTestMe team at sales@youtestme.com.
  
  If the YouTestMe REST API module is not enabled, you will see the warning message in red: