What are the options for maintaining my learners in HSI Blue Ocean Brain?

Customers with and without Single Sign-On (SSO) have multiple options for managing their learners in HSI Blue Ocean Brain.

Note: The features under the Admin menu are enabled individually for Learning Leaders at each organization. If you believe that you should have access to one or more of these features, please contact us and your request will be forwarded to the appropriate person at your organization for approval.

Regardless of whether your organization utilizes Single Sign-On (SSO), Learner Admins have multiple options for efficiently adding, removing, and managing learners within HSI Blue Ocean Brain.

Learner Management Options for Customers with Single Sign-On (SSO)

Learner Management Options for Customers without Single Sign-On (SSO)


Learner Management Options for Customers with Single Sign-On (SSO)

Learner Admins utilizing Single Sign-On (SSO) through their organization can use any of the following options for managing their learners in HSI Blue Ocean Brain. To learn more about each option, select the link.

Note: SCIM provisioning is currently only available for customers using Microsoft Azure and Okta.


Learner Management options for Customers without Single Sign-On (SSO)

Learner Admins utilizing individually generated usernames and passwords for their learners can use any of the following options for managing their learners in HSI Blue Ocean Brain. To learn more about each option, select the link.


Auto-Provisioning by Domain - Username and Password

Auto-provisioning by domain allows customers to enable employee self-registration, so long as the learner's email address contains a specific business domain. Employees enter their first name, last name, and email, then create a password and verify their email to automatically create an account. To enable auto-provisioning by domain for your learners, the following requirements must be met:

  • Learners must have a real business email address
  • The customer must provide a specific list of business email domains to be used, and must not be utilizing Single Sign-On (SSO).
  • Each domain can only match to one group (e.g. @abc.com can only match to one group)
Pros of Auto-Provisioning by Domain Cons of Auto-Provisioning by Domain
  • Typically, no customer IT involvement is required to set up
  • Learners can be added to HSI Blue Ocean Brain without providing an employee list
  • If learners are terminated and the customer doesn’t provide the list of terminations to HSI Blue Ocean Brain, the data is not removed
  • Learners must visit HSI Blue Ocean Brain and create an account to access
  • For license-based customers, another method of learner management should be used to ensure the customer stays within the license limit


Just-In-Time Auto-Provisioning (JIT A/P) - Single Sign-On (SSO)

Just-In-Time Auto-Provisioning (JIT A/P) allows SSO-enabled learners to automatically create their accounts upon first accessing the site via the company-specific login link. To enable JIT A/P for your learners, the following requirements must be met:

  • Single Sign-On (SSO) must be set up with HSI Blue Ocean Brain.
  • Your organization's IT team will likely need to be involved in SSO set-up and maintenance/management of access.
    Pros of JIT A/P Cons of JIT A/P
    • Learners can be added to HSI Blue Ocean Brain without providing a list of employees
    • Learner fields (with the exception of username/NameID field) are updated upon the learner logging into HSI Blue Ocean Brain
    • Learner must click on the SSO-specific login link to create an account
    • Learners must be using a desktop or internet app (NOT mobile app) to auto-create an account
    • If Learners are terminated and the customer doesn’t provide the list of terminated employees to HSI Blue Ocean Brain, the data is not removed 
    • If fields are updated on the learner’s SSO account, the updates don’t pass to HSI Blue Ocean Brain until the learner logs in again
    • For license-based customers, another method of learner management may be used to ensure the customer stays within the license limit

    System for Cross-domain Identity Management (SCIM) - Single Sign-On (SSO)

    This learner management option lets SSO-configured customers manage their HSI Blue Ocean Brain employee list directly from their SSO provider. Learner updates withing the SSO provider—additions, removals, or changes—are automatically reflected in HSI Blue Ocean Brain. To enable SCIM provisioning for your learners, the following requirements must be met:

    • Single Sign-On (SSO) must be set up and SCIM must be available for the customer's SSO provider (currently only available for customers utilizing Microsoft Azure or Okta for Single Sign-On).
    • Your organization's IT team will need to be involved in SSO set-up and management of access for your learners.
    Pros of SCIM Provisioning Cons of SCIM Provisioning
    • SCIM controls adding new learners, updating current learners, deactivating learners, and reactivating learners
    • SCIM allows for the management of learners "in-house" without needing to contact HSI Blue Ocean Brain or send employee listings.
    • SCIM requires customer IT involvement for setup and maintenance of Single Sign-On accounts.
    • The HSI Blue Ocean Brain Team has limited ability to troubleshoot.
    • If Email is used as the NameID, the customer will need to make the adjustment to the account manually within HSI Blue Ocean Brain.


    Secure File Transfer Protocol (SFTP) - Single Sign-On (SSO) or Username and Password

    SFTP allows the customer to upload a full learner file, sent from the customer's HRIS system or manually added by the customer, to a SFTP server. Once the file is placed in the SFTP server, HSI Blue Ocean Brain sets up automation to download the employee listing and upload it to HSI Blue Ocean Brain. To enable SFTP for managing your learners, the following requirements must be met:

    • Customer IT involvement for setup
    • Manual or automated employee files must be sent regularly (as often as the customer would like to send files - most customers provide an updated employee file on a weekly basis)
    • The employee file must be the full list of learners who should have HSI Blue Ocean Brain access. When a new file is sent, the system adds any new learners on the file and deactivates any current learners who are not included on the file.
    Pros for SFTP: Cons for SFTP:
    • Once set up, further involvement from the customer's IT team is rarely needed
    • The HSI Blue Ocean Brain automation checks for new files hourly, with no limit on how often customers send files
    • Files can be sent via automation by the customer, making this a "hands-off" experience
    • Requires customer IT involvement to set up and make changes to the file


    Self-Import - Single Sign-On (SSO) or Username and Password

    Customers with the Learner Admin permissions can utilize the Self-Import function in two ways: to upload a full or partial learner file, or to update learners on an individual basis. When uploading a file to HSI Blue Ocean Brain, learner admins will receive a confirmation email containing the successes and errors of records imported.

    To utilize Self-Import for managing learners with a full or partial employee list, the following requirements must be met:

    • The employee list must be a .csv file including first name, last name, and email address for each learner.
    • The person uploading the employee list must have Learner Admin access in HSI Blue Ocean Brain and should receive instruction on best practices when uploading files.
    Pros for Self-Import (full or partial file) Cons for Self-Import (full or partial file)
    • No customer or BOB IT involvement
    • Uploads can be made at any time
    • File uploads are done manually, this process cannot be automated

    The Learner Admin permission also allows learning leaders to add, update, reactivate, or deactivate learners one-by-one within the Learner Management portal.

    While this allows learning leaders to make quick updates to their learner list at any time, it can be a manual and time-consuming process if the group is large.