User manual

Integrations

"Single sign-on" , "Webex Settings", "LRS settings", "Active Directory" , "Proctoring settings", "Proctorio settings", "E-commerce" "LTI settings", "OpenID settings" and "Web API settings" are located in the "Integrations" page.

  1. Accessing the page

    To access the "Integrations" page, you should click on the "System" menu and select "Integrations."

  2. Page layout

    On the "Integrations" page you will find these tabs: "Single sign-on" ,"Webex settings", "LRS settings" , "Active Directory", "Proctoring settings", "Proctorio settings" and "Web API settings".


    1. Single sign-on

      GetCertified can act as a Service Provider through the SAML 2.0 protocol, which allows the exchange of authorization data with an Identity Provider. GetCertified supports OneLogin, Okta, SSO Circle, and many other Identity Providers.

      SAML 2.0 based Single Sign-on (SSO) can be configured for multiple identity providers simultaneously. You need to create an SSO configuration and define the parameters of the identity provider. Each created SSO configuration you create has an assertion consumer service end-point that will process the SAML response.

      1. To access the Single sign-on configuration panel, choose the "Single Sign-on" tab on the "Integrations" page.

      2. By clicking the "Add new configuration" button, a new pop-up window will appear where you can enter the parameters of the new SSO configuration.

      3. All existing Single sign-on configurations are displayed in the table with their names, descriptions, statuses, and available actions.

      4. By clicking the edit icon, a pop-up window will appear, where you can change the parameters of the selected SSO configuration.

      5. SSO configuration can be deleted by clicking the trash can icon.

      When creating a new or updating an existing SSO configuration, you need enter the parameters for configuring the service provider's side. GetCertified provides the parameters that you need to configure the identity provider's side.

      1. Enter the "Name" of the SSO configuration. The name must be unique for each SSO configuration since it identifies the SSO configuration.

      2. Optionally enter the "Description" of the SSO configuration.

      3. Choose the "Status" of the SSO configuration. If the status is "Enabled," users will be able to sign in with the identity provider specified in the configuration. Otherwise, they will not be able to do so.

      4. Use the provided "Service provider Entity ID" URL to configure the service provider on the identity provider's side. The value represents the service provider's identifier.

      5. Use the provided "Assertion consumer service URL" to configure the service provider on the identity provider side. The field's value represents the end-point URL, where the SAML response from the identity provider will be returned.

      6. Choose the "Assertion consumer service binding" that is suitable for the identity provider. The field's value represents the SAML protocol binding when returning the SAML response from the identity provider.

      7. Enter the "Identity provider Entity ID," identifier of the provider entity. The entered value must be an URL.

      8. Enter the "Single sign-on service URL," an URL of the identity provider's single sign-on service end-point, where the service provider will send the authentication request.

      9. Choose the "Single sign-on service binding," a SAML protocol binding when the service provider sends the authentication request to the identity provider.

      10. Input the "Certificate," the public x509 certificate of the identity provider. The certificate must be in a string format without headers. Use the tool on the following link to convert the certificate to a string format without headers.

      11. Enter the "Username attribute," the name of the assertion in the SAML response whose value will be used as the GetCertified user's username.

      12. Enter the "Email attribute," the name of the assertion in the SAML response whose value will be used as the GetCertified user's email.

      13. Optionally enter the "First name attribute," the name of the assertion in the SAML response whose value will be used as the GetCertified user's first name.

      14. Optionally enter the "Last name attribute," the name of the assertion in the SAML response whose value will be used as the GetCertified user's last name.

    2. Webex settings

      To set up the Webex integration, choose the "Webex settings" tab on the "Integrations" page.
      "Client ID" and "Client Secret" need to be configured. You can find this information after you register the integration on the hosting Webex account.

      You should log in with the Webex hosting account on https://developer.webex.com/.

      Click on the profile icon and choose "My Webex Apps".

      Click on "Create a New App."

      1. Enter integration name.

      2. Enter Contact email.

      3. Choose icon.

      4. Enter Description.

      5. Enter Redirect URI, use the Redirect URI parameter from Webex Settings .

      6. Select all "Meetings" Scopes.

      7. Click "Add integration."

      Once you create an integration, you will get the "Client ID" and "Client Secret."

      1. Copy "Client ID" in the GetCertified Application under the "Webex settings" tab.

      2. Copy "Client Secret."

      3. Enter the "Redirect URL"

      4. Click the "Save" button.

      5. Once you are logged in, click the "Accept" button.

      Once you accept, the "Validate token" button will appear in the GetCertified application, which is an indication that you have access to this token.

    3. LRS settings

      The LRS settings assure the manager of a test to send each candidate's test results into the LRS system and track each candidate's success.
      The given explanation is just an example of the Yet Analytics Learning Record Store integration with GetCertified. You can use any other Learning Record Store that supports Tin Can API (xAPI). Before you start configuring LRS parameters in the Integrations, you need to log in to the LRS system. To set up your LRS parameters :

      1. Visit the Yet Analytics link.

      2. Sign up to receive the verification email.

        After the successful signing up into the LRS system, you can log in to the LRS. To do so :

      1. Enter your email.

      2. Enter password.

      3. Click the "Sign in" button.

        4. If you forgot the password:

      4. Click on the "Reset password" link.

      Note: After you log in with your LRS user credentials, you will receive your API endpoint, API key, and API secret key to make the LRS integration with GetCertified possible. When you log in to the LRS, you can see the LRS parameters you will insert to finish the configuration process.

        To preview your LRS parameters:

      1. Click "LRS SETTINGS."

      2. Click "Info."

      The pop-up window will open, and there you can see all the needed parameters you will insert in the GetCertified.

        To configure learning record store parameters, go to the "Integrations" page, find the "LRS settings" tab, and fill the following fields:

      1. API endpoint - insert the endpoint URL LRS has provided you.

      2. API key - insert the key, which provides you authentification.

      3. API secret key - insert the secret key used for the authentication process as well.

      4. Click the "Confirm" button to save the configuration.

      5. Click the "Cancel" button to revert the changes.

    4. Proctoring settings

      Please note that the Proctoring service can be enabled only upon your request. For more information, contact the YouTestMe team at sales@youtestme.com. Upon activation, you will be provided with all the necessary parameters for configuring the Proctoring service. In case you request the Proctoring service before the application delivery, all settings will already be configured.

      To access the Proctoring service, choose the "Proctoring settings" tab on the "Integrations" page.

      Server settings

      1. Enter the "Proctoring server URL". This parameter represents the Web address of the Proctoring server and is provided by YouTestMe.

      2. Enter the "Secret key" provided by YouTestMe.

      3. Enter the "Session template" name. This parameter represents the name of the Proctoring session template created in the Proctoring application. The session template specifies additions and metrics of the Proctoring session. Enter the "default" for the default session template.

      4. Use the "API address" provided by YouTestMe. Typically, it is a combination of the URL address of the YouTestMe GetCertified application and one of the endpoints (/proctoringResultsNew, /proctoringResults) of the Proctoring service. It represents the address of the server to receive Proctoring results for each test once it is completed. To copy the "API address" to the clipboard, click the "Copy to clipboard" icon.

      5. Use the "Guest equipment check URL" provided by YouTestMe. At this link, the user can check the equipment for a proctored test without signing in to the system. The link is a parameter of the email notifications and can be sent or shared with users to check their equipment without signing in to the system.

      6. Use the "Equipment check URL" provided by YouTestMe. At this link, the user can check the equipment for a proctored test but must be signed in to the system. The link is available on the "My assignments" page.

      7. Click the "Confirm" button if you want to save the Proctoring configuration.

      8. To reset the changes you have made, click the "Cancel" button.

      Configurations

      1. To access Proctoring configurations, choose the "Configurations" in the "Proctoring settings" tab.

      2. To create a new Proctoring configuration, click the "Add new" button. A new pop-up window will appear where you can enter the parameters of the new Proctoring configuration.

      3. All Proctoring configurations are displayed in a table with their names, descriptions, statuses, and available actions.

      4. To preview or update a Proctoring configuration, click the update icon. A new pop-up window will appear where you can see and update the parameters of the Proctoring configuration.

      5. To delete a Proctoring configuration, click the trash can icon, and confirm the deletion in the "Confirmation dialog".

      The steps to create a new, or update an existing Proctoring configuration are listed below and marked on the image below:

      1. Enter the "Name" of the Proctoring configuration.

      2. Optionally enter the "Description" of the Proctoring configuration.

      3. Choose the "Status" of the Proctoring configuration. If the status is "Enabled," the configuration can be used, otherwise not.

      4. Enter the "Session template" of the Proctoring configuration. This parameter represents the name of the Proctoring session template created in the Proctoring application. The session template pecifies additions and metrics of the Proctoring session. When creating a new configuration, the default value is equal to the "Session template" in Server settings .

      5. Use the "API address" provided by YouTestMe. Typically, it is a combination of the URL address of the YouTestMe GetCertified application and one of the endpoints (/proctoringResultsNew, /proctoringResults) of the Proctoring service. It represents the address of the server to receive Proctoring results for each test once it is completed. To copy the "API address" to the clipboard, click the "Copy to clipboard" icon.

      6. Use the "Guest equipment check URL" provided by YouTestMe. At this link, the user can check the equipment for a proctored test without signing in to the system. The link is a parameter of the email notifications and can be sent or shared with users to check their equipment without signing in to the system.

      7. Use the "Equipment check URL" provided by YouTestMe. At this link, the user can check the equipment for a proctored test but must be signed in to the system. The link is available on the "My assignments" page.

      8. Click the "Save" button to save the Proctoring configuration.

      9. Click the "Cancel" button to close the dialog.

    5. Proctorio settings

      Please note that the Proctorio can be enabled only upon your request. For more information, contact the YouTestMe team at sales@youtestme.com. Upon the activation, you will be provided with the necessary parameters to configure the integration with Proctorio.

      To access the Proctorio automated proctoring service, choose the "Proctorio settings" tab on the "Integrations" page.

      Server settings

      1. Enter the "API endpoint". This parameter represents the URL of the Proctorio API endpoint and is provided by YouTestMe or Proctorio.

      2. Enter the "Secret key" provided by YouTestMe or Proctorio.

      3. Enter the "Consumer key" provided by YouTestMe or Proctorio.

      4. Choose the "Exam settings" from the dropdown menu. Exam settings enable you to choose the Proctorio features you want to add and control during the proctoring session.

      5. Click the "Confirm" button if you want to save the Proctorio integration settings.

      6. To reset the changes you have made, click the "Cancel" button.

      Configurations

      1. To access Proctorio configurations, choose the "Configurations" in the "Proctorio settings" tab.

      2. To create a new Proctorio configuration, click the "Add new" button. A new pop-up window will appear where you can enter the parameters of the new Proctorio configuration.

      3. All Proctorio configurations are displayed in a table with their names, descriptions, statuses, and available actions.

      4. To preview or update a Proctorio configuration, click the update icon. A new pop-up window will appear where you can see and update the parameters of the Proctorio configuration.

      5. To delete a Proctorio configuration, click the trash can icon, and confirm the deletion in the "Confirmation dialog".

      The steps to create a new, or update an existing Proctorio configuration are listed below and marked on the image below:

      1. Enter the "Name" of the Proctorio configuration.

      2. Optionally enter the "Description" of the Proctorio configuration.

      3. Choose the "Status" of the Proctorio configuration. If the status is "Enabled," the configuration can be used, otherwise not.

      4. Choose the "Exam settings" from the dropdown menu. Exam settings enable you to choose the Proctorio features you want to add and control during the proctoring session. When creating a new configuration, the default value is equal to the "Exam settings" in Server settings.

      5. Click the "Save" button to save the Proctorio configuration.

      6. Click the "Cancel" button to close the dialog.

    6. E-commerce

      On the "E-commerce" tab you can set the prices for exam booking. For more information click on the article How to organize an exam booking.

      If you want to set the prices for training course, for more information click on the article How to set up training course fees.

    7. Web API Settings

      Web API is used to programmatically access the data from the YouTestMe application and store it in an external database or display it in another system. To use the Web API, enable the module and set the API key, which should be sent as the header of each request.

      1. To configure the Web API Settings, choose the "Web API Settings" tab on the "Integrations" page.

      2. Enable the Web API to use it. Request to Web API will fail if Web API is not enabled.

      3. Enter the "API key", it is recommended to be a random non-guessable string. The API key must be added as a request header "X-Api-Key" to authorize the request.

      4. Use this link to send the HTTP GET request to retrieve the content of the personal report for the attempt with the ID specified as the "id" query parameter. Replace the "#{attemptId}" part of the link with the actual ID of the attempt. The content of the personal report is returned as the body of the HTTP response. The attempt ID can be found in the "Attempt ID" column of the "Candidates" table on the test page. The attempt must be started, and the test must have a "Score and details" report setting to download the report. The code sample written in Java is located on the following link.

      5. Copy the "Personal report endpoint" to clipboard.

      6. Click the "Confirm" button if you want to save the Web API settings.

      7. To reset the changes you have made, click the "Cancel" button.

    8. LTI settings

      YouTestMe GetCertified can be configured as an LTI Tool provider by creating an LTI configuration. Connect the external application (LTI tool consumer) using the created LTI configuration. The users from the external application will be able to access YouTestMe GetCertified tests seamlessly and receive the results back to the LTI tool consumer. You can preview the existing LTI configurations on this page. Add new, update, or delete existing LTI configurations.

      1. To access the LTI settings, choose the "LTI settings" tab on the "Integrations" page.

      2. To create a new LTI configuration, click on the "Add new LTI configuration" button. The "Add new LTI configuration" dialog will appear where you can enter the parameters of the new LTI configuration.

      3. All LTI configurations are displayed in the table with their names, descriptions, statuses, and available actions.

      4. To preview or update the LTI configuration, click on the update icon. The "Update LTI configuration" dialog will appear where you can see and update the parameters of the LTI configuration.

      5. To delete the LTI configuration, click on the trash can icon, and confirm the deletion in the "Confirmation dialog".

      Add new LTI configuration

      The steps to create a new LTI configuration are listed below and marked on the image below:

      1. Enter the "Name" of the LTI configuration. The name must be unique for each LTI configuration.

      2. Optionally enter the "Description" of the LTI configuration.

      3. Choose the "Status" of the LTI configuration. If the status is "Enabled," configuration can be used for LTI Launch from LTI Tool consumer, otherwise not.

      4. Click on the "Save" button to save the LTI configuration. The "Update LTI configuration" dialog will appear where you can see and update the parameters of the LTI configuration.

      5. Click on the "Cancel" to close the dialog.

      Update LTI configuration

      The steps to update or use the LTI configuration to configure the LTI Tool consumer are listed below and marked on the image below:

      1. Enter the "Name" of the LTI configuration. The name must be unique for each LTI configuration.

      2. Optionally enter the "Description" of the LTI configuration.

      3. Choose the "Status" of the LTI configuration. If the status is "Enabled," configuration can be used for LTI Launch from LTI Tool consumer, otherwise not.

      4. Use the provided "Consumer key" to configure the LTI Tool consumer. It represents the unique ID of the LTI configuration and, together with the provided "Secret key," is used to verify the LTI Launch request. The LTI Launch request must contain provided "Consumer key" value in the "oauth_consumer_key" parameter.

      5. To copy the "Consumer key" to the clipboard, click on the "Copy to clipboard" icon.

      6. Use the provided "Secret key" to configure the LTI Tool consumer. It represents the secret key used by an LTI Tool consumer to sign the LTI Launch request and the LTI tool provider (GetCertified) to verify the signature.

      7. To copy the "Secret key" to the clipboard, click on the "Copy to clipboard" icon.

      8. Use the provided "Signature method" to configure the LTI Tool consumer. It represents the signature algorithm that an LTI Tool consumer must use to sign the LTI Launch request. The LTI Launch request must contain provided "Signature method" value in the "oauth_signature_method" parameter. The only supported signature method is "HMAC-SHA1".

      9. Use the provided "Message URL" to configure the LTI Tool consumer. It represents the LTI endpoint where should LTI Tool consumer send the LTI Launch request.

      10. Use the provided "LTI version" to configure the LTI Tool consumer. It represents the LTI version that an LTI Tool consumer must use to send the LTI Launch request. The only supported version is "LTI-1po".

      11. To copy the "Message URL" to the clipboard, click on the "Copy to clipboard" icon.

      12. Click on the "Save" button to save the LTI configuration.

      13. Click on the "Cancel" to cancel the dialog.

  3. OpenID Settings

    YouTestMe (YTM) web application can act as a Client in the OpenID Connect Single Sign-on (SSO) protocol, which allows the user authentication and authorization by an Identity Provider, for example Azure AD, Okta, etc. OpenID Connect based SSO can be configured for multiple Identity Providers simultaneously. You need to create an OpenID configuration and define the parameters of the Identity Provider and the Client (YTM web app)

    To access the OpenID configuration panel, choose the "OpenID Settings" tab on the "Integrations" page. All the existing OpenID configurations are displayed in a table with their names, descriptions, statuses, and available actions.

    1. By clicking the "Add new OpenID configuration" button, a new pop-up window will appear where you can enter the parameters of a new OpenID configuration.

    2. By clicking the edit icon from the three vertical dots menu, a pop-up window with the same fields as the one for adding a new configuration will appear, where you can change the parameters of the selected OpenID configuration. An OpenID configuration can be deleted by clicking the trash can icon from the three vertical dots menu.

    When creating a new or updating an existing OpenID configuration, you need to enter the parameters for configuring the client (YTM) and an Identity Provider (IP).

    1. Enter the "Name" of the OpenID configuration.

    2. Optionally enter the "Description" of the OpenID configuration.

    3. Choose the "Status" of the OpenID configuration. If the status is "Enabled," users will be able to sign in with the IP specified in the configuration. Otherwise, they will not be able to do so.

    4. Insert the "Configuration URL", a URL where the configuration of the OpenID IP can be found, for example authorization endpoint URL, token endpoint URL, supported scopes etc. The OpenID IP provides this parameter.

    5. Insert the "Client ID", a public identifier for the client (YTM web app). The OpenID IP provides it when registering the application.

    6. Insert the "Client secret", a value the client uses to exchange an authorization code for a token. The OpenID IP provides it when registering the application.

    7. Choose the "Scope" to specify what access privileges are requested as part of the authorization.

    8. The "Initiate Login URL" parameter is automatically generated in the configuration by YTM. This is the URL of the YTM endpoint that initiates the sign-in flow upon receiving a request. When the OpenID IP redirects to this endpoint, the client is triggered to send an authorization request. This parameter is optional, and if used, it is copied from the configuration window and pasted to the appropriate field in the app settings on the IP side.

    9. The "Callback URL" parameter is automatically generated in the configuration by YTM. This is the URL of the callback endpoint where the OpenID IP redirects the user browser and sends security tokens after authentication. On the IP side this parameter might be referred to as "redirect URI" as well, and you have to copy it from the configuration window and paste it there.

    10. The OpenID provider can send a request to this URL to initiate the logout on the client side when the user logs out. Sending a request to this URL will clear user session data in YouTestMe, and the user will have to sign in again to access the application.

    11. Mapping of the Authorization server (IP) claims to the YTM user profile attributes. Claims are name/value pairs that contain information about a user. The claims can be sent using the access token, the ID token, or the UserInfo endpoint data. An access token is an authorization in the form of a string given to an application to access the protected data of a user. An ID token is a string that contains information about a user and proves that the user has been authenticated. The UserInfo endpoint returns claims about an authenticated user.
      The mapping from the claims can be specified for each YTM user account attribute. When a pop-up window for a new OpeniD configuration opens, the default values are set for the most important attributes (username, email, first name, last name, role). Every value represents a JavaScript expression based on which the corresponding attribute is evaluated. These values are only suggestions, they can be changed.
      For example, the expression id_token.preferred_username can be used to obtain the Username attribute value (assuming that the preferred_username claim is included in ID token on the IP side). This means that the result of evaluating id_token.preferred_username will be mapped to Username attribute . Username is a unique identifier for the user, based on which it is determined whether the received claims are used to update an existing or to create a new user.
      As a special case of a JavaScript expression, a constant represented by a string value (surrounded by single or double quotes) can be mapped to an attribute.
      Note that for the "Role code attribute" the code value is expected, not the full role name. To check the role codes for YTM user roles, navigate to "Users" and select "Roles and permissions".

    By clicking the "Test attribute mappings" button, a new pop-up window opens, which is used to test the mappings between the IP's claims and YTM user profile attributes. This provides a possibility to manually define strings in JSON format that simulate data received by the IP and examine the values of user profile attributes for that particular case.

    When the pop-up window opens:

    1. Enter a JSON string that simulates the payload of an access token received by the IP.

    2. Enter a JSON string that simulates the payload of an ID token received by the IP.

    3. Enter a JSON string that simulates the data received as the response to a request to the user_info endpoint of the IP.

    4. By clicking the "Test" button, the user profile attribute values corresponding to the above IP data are displayed.

    On the login page click the "Sign in with OpenID" button to display the available OpenID configurations. By clicking one of them the user initiates the OpenID authentication and authorization flow.

Integrations