Customers with and without Single Sign-On (SSO) have multiple options for managing their learners in HSI Blue Ocean Brain.
Note: The features under the Admin menu are enabled individually for Learning Leaders at each organization. If you believe that you should have access to one or more of these features, please contact us and your request will be forwarded to the appropriate person at your organization for approval.
Regardless of whether your organization utilizes Single Sign-On (SSO), Learner Admins have multiple options for efficiently adding, removing, and managing learners within HSI Blue Ocean Brain.
Learner Management Options for Customers with Single Sign-On (SSO)
Learner Management Options for Customers without Single Sign-On (SSO)
Learner Management Options for Customers with Single Sign-On (SSO)
Learner Admins utilizing Single Sign-On (SSO) through their organization can use any of the following options for managing their learners in HSI Blue Ocean Brain. To learn more about each option, select the link.
- Single Sign-On with Just-In-Time Auto Provisioning (SSO with JIT A/P)
- Single Sign-On with SFTP
- Single Sign-On with SCIM Provisioning
- Single Sign-On with Self Import (by employee file or individual basis)
Note: SCIM provisioning is currently only available for customers using Microsoft Azure and Okta.
Learner Management options for Customers without Single Sign-On (SSO)
Learner Admins utilizing individually generated usernames and passwords for their learners can use any of the following options for managing their learners in HSI Blue Ocean Brain. To learn more about each option, select the link.
Auto-Provisioning by Domain - Username and Password
Auto-provisioning by domain allows customers to enable employee self-registration, so long as the learner's email address contains a specific business domain. Employees enter their first name, last name, and email, then create a password and verify their email to automatically create an account. To enable auto-provisioning by domain for your learners, the following requirements must be met:
- Learners must have a real business email address
- The customer must provide a specific list of business email domains to be used, and must not be utilizing Single Sign-On (SSO).
- Each domain can only match to one group (e.g. @abc.com can only match to one group)
| Pros of Auto-Provisioning by Domain | Cons of Auto-Provisioning by Domain |
|
|
Just-In-Time Auto-Provisioning (JIT A/P) - Single Sign-On (SSO)
Just-In-Time Auto-Provisioning (JIT A/P) allows SSO-enabled learners to automatically create their accounts upon first accessing the site via the company-specific login link. To enable JIT A/P for your learners, the following requirements must be met:
- Single Sign-On (SSO) must be set up with HSI Blue Ocean Brain.
- Your organization's IT team will likely need to be involved in SSO set-up and maintenance/management of access.
| Pros of JIT A/P | Cons of JIT A/P |
|
|
System for Cross-domain Identity Management (SCIM) - Single Sign-On (SSO)
This learner management option lets SSO-configured customers manage their HSI Blue Ocean Brain employee list directly from their SSO provider. Learner updates withing the SSO provider—additions, removals, or changes—are automatically reflected in HSI Blue Ocean Brain. To enable SCIM provisioning for your learners, the following requirements must be met:
- Single Sign-On (SSO) must be set up and SCIM must be available for the customer's SSO provider (currently only available for customers utilizing Microsoft Azure or Okta for Single Sign-On).
- Your organization's IT team will need to be involved in SSO set-up and management of access for your learners.
| Pros of SCIM Provisioning | Cons of SCIM Provisioning |
|
|
Secure File Transfer Protocol (SFTP) - Single Sign-On (SSO) or Username and Password
SFTP allows the customer to upload a full learner file, sent from the customer's HRIS system or manually added by the customer, to a SFTP server. Once the file is placed in the SFTP server, HSI Blue Ocean Brain sets up automation to download the employee listing and upload it to HSI Blue Ocean Brain. To enable SFTP for managing your learners, the following requirements must be met:
- Customer IT involvement for setup
- Manual or automated employee files must be sent regularly (as often as the customer would like to send files - most customers provide an updated employee file on a weekly basis)
- The employee file must be the full list of learners who should have HSI Blue Ocean Brain access. When a new file is sent, the system adds any new learners on the file and deactivates any current learners who are not included on the file.
| Pros for SFTP: | Cons for SFTP: |
|
|
Self-Import - Single Sign-On (SSO) or Username and Password
Customers with the Learner Admin permissions can utilize the Self-Import function in two ways: to upload a full or partial learner file, or to update learners on an individual basis. When uploading a file to HSI Blue Ocean Brain, learner admins will receive a confirmation email containing the successes and errors of records imported.
To utilize Self-Import for managing learners with a full or partial employee list, the following requirements must be met:
- The employee list must be a .csv file including first name, last name, and email address for each learner.
- The person uploading the employee list must have Learner Admin access in HSI Blue Ocean Brain and should receive instruction on best practices when uploading files.
| Pros for Self-Import (full or partial file) | Cons for Self-Import (full or partial file) |
|
|
The Learner Admin permission also allows learning leaders to add, update, reactivate, or deactivate learners one-by-one within the Learner Management portal.
While this allows learning leaders to make quick updates to their learner list at any time, it can be a manual and time-consuming process if the group is large.