Priima offers the option to enable strong authentication using a mobile certificate or personal online banking credentials during login or when accessing certain courses.
The customer and Saarni Learning agree on the arrangement, after which Saarni Learning activates the feature in the Priima environment. The strong authentication function will then appear in the Admin view, allowing the customer to enable it at a suitable time and select the usage method:
- Strong authentication selected for login means that from now on, every new or existing user must authenticate via strong authentication either once or every time they log in.
- Enabling strong authentication on a per-course basis so that authentication is required when accessing specific courses.
- Implementation of a registration and login page where a user can create a strong authentication method for their account, which is then verified with strong authentication every time. Such a user must always log in to Priima through this specific page and will not be redirected to the organisation’s regular Priima login page at any point.
Strong authentication at login
Strong authentication features become visible to the administrator only after the Customer and Saarni Learning have agreed on the implementation of the feature. After that, activation of the feature can be found under Admin > Environment > Environment Settings:
When strong authentication is enabled for logins in the environment, users are redirected after normal login to an authentication service page where they choose either mobile certificate or personal online banking credentials for authentication. Access to the environment is blocked without strong authentication thereafter. Depending on the setting, authentication is performed either once or at every login. Once authenticated, the user gains access to the environment and can continue as usual. Priima records the name information used during strong authentication and updates the user profile, overwriting previous name data. The username remains unchanged.
Administrators can see from the user profile when the login was performed using strong authentication and who verified it.
Strong authentication on a per-course basis
The environment can grant all course administrators the right to enable the feature in the course settings. After this, on the course’s Settings > Course Completion > Completion Conditions page, strong authentication can be activated for that specific course:
For situations where authentication fails for some reason, a course-specific instruction text can be created to guide the learner on what to do and who to contact. The image shows the default text:
Users can log into the environment without strong authentication, and only specific courses can require strong authentication. Authentication is required each time the learner accesses the specified course and remains valid for the duration of the Priima session, which is 8 hours. Trainers and administrators are not required to use strong authentication for such courses.
Learners can be pre-assigned as members of such a course or given the option to join or enrol. Strong authentication is required when the learner accesses the course content—that is, when navigating to the course via the dashboard, start page, or other links.
Strong authentication during registration
When registering with strong authentication, the user does not need to provide any information manually, as their details are automatically transferred to Priima during the strong authentication process. It is recommended to request an email address during strong authentication, but this is not a mandatory field.
Creation and editing of registration pages take place under Environment > Login > Login Methods. Select a registration form or create a new one:
Additional user information fields can be selected for the registration form, enabling the user to be directed to a specific dynamic group and automatically receive memberships for desired courses. The registration form can also include a list of courses the user can enrol in directly. In this case, registrations and enrolments are recorded and displayed collectively in the Registration Statistics report (Reports > Registration Statistics).
Customers who have strong authentication enabled through the registration pages can hide the username and password fields on the login page. This simplifies the structure of the login page, for example in cases where all users log into the environment strongly. In this case, local IDs do not need to be displayed on the home page. However, instead of the login fields, the “Show local login” link remains visible, through which, for example, administrators of the environment can access the environment with manual credentials.
Personal Identity Code field
In the Priima environment, the personal identity code field can be enabled if needed, allowing collection of personal identity codes during strong authentication logins.
When strong authentication is used for certain courses, personal identity codes are not collected.
***
Strong authentication is a paid service with a connection fee as well as a usage fee. For more information about the service, contact the customer contact person or email info@saarnilearning.fi.