What is SAML SSO and how does it work with Thinkific?
A plain-language introduction to SAML 2.0 single sign-on and how it connects enterprise identity providers to Thinkific.
Security Assertion Markup Language (SAML) 2.0 is an open standard that lets users authenticate once with a trusted identity provider (IdP) and then access multiple services without signing in again. For Thinkific customers, SAML SSO means learners and admins can log in with the same credentials they use for email, Slack, or Microsoft 365.
Why SAML matters for LMS platforms
Course platforms often contain sensitive content, student records, and paid resources. Relying on shared passwords or manual enrolment creates risk and admin overhead. SAML solves both problems by delegating authentication to an enterprise-grade IdP and returning a signed assertion that proves the user's identity.
How a SAML login flow works
- A learner visits your Thinkific site and clicks Sign in with SSO.
- Thinkific (via WooNinja SSO) redirects the browser to your IdP.
- The IdP authenticates the user and builds a SAML assertion.
- The assertion is posted back to the WooNinja SSO assertion consumer service.
- WooNinja SSO validates the signature, maps attributes, and provisions or signs in the Thinkific user.
The entire exchange typically completes in under a second and is invisible to the learner.
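The checks behind the last step of the flow above (validate, map attributes, sign in), sketched in Python as an added example; this is not WooNinja SSO's or Thinkific's code. The entity IDs, the attribute names `firstName` and `lastName`, and the sample assertion are constructed assumptions, and XML signature verification against the IdP certificate from metadata is assumed to have been done already by a maintained SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (Signature element omitted); every value is made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>learner@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # Accepts only whole-second UTC timestamps; anything else raises ValueError (fail closed).
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_and_map(xml_text, idp_entity_id, sp_entity_id, now):
    """Return a user dict, or raise ValueError when a check fails.

    Assumes xml_text is exactly the element whose signature was already verified;
    checking a different element than the signed one defeats the signature.
    """
    a = ET.fromstring(xml_text)  # production code should use a hardened XML parser
    if a.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        raise ValueError("unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    # Stricter than the spec requires: both bounds of the validity window must be present.
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("missing validity window")
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside validity window")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise ValueError("assertion not intended for this service provider")
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    attrs = {at.get("Name"): at.findtext("saml:AttributeValue", namespaces=NS)
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    # Attribute mapping: IdP attribute names on the right, local user fields on the left.
    return {"email": name_id, "first_name": attrs.get("firstName"), "last_name": attrs.get("lastName")}
```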
What you need to get started
- A Thinkific site on a plan that supports SSO.
- An identity provider that supports SAML 2.0 (Okta, Microsoft Entra ID, OneLogin, Shibboleth, ADFS, etc.).
- A WooNinja SSO subscription configured as the SAML service provider.
Once the connection is established, your IT team manages users in one place while Thinkific automatically honours the access decisions made in the IdP.
Key SAML concepts
- Service Provider (SP) — the application being protected, in this case Thinkific via WooNinja SSO.
- Identity Provider (IdP) — the system that authenticates users, such as Okta or Entra ID.
- SAML Assertion — the XML document containing identity and attribute statements.
- Metadata — XML that describes each party's endpoints and public keys.
- NameID — the unique identifier passed from IdP to SP, often an email or persistent ID.
Understanding these five terms is enough to have a productive conversation with your identity team and complete most SAML configurations.
Next steps
If you are evaluating SAML for Thinkific, start by confirming which IdP your organisation already uses. Most enterprises already have one, which means the integration is usually a matter of exchanging metadata and agreeing on attribute mappings rather than deploying new infrastructure.
Book a demo with the WooNinja team and we can review your IdP configuration and provide a tailored setup guide.