Open edX Enterprise Integration Requirements

This document outlines the requirements to integrate the Open edX Enterprise platform with an enterprise HRMS (corporate) or SIS (academic), enabling catalog synchronization, user enrollment, SSO-based access, progress tracking, and xAPI event delivery.

It is heavily based on capabilities that exist in edx-enterprise which is not commonly deployed for a variety of reasons.

Overview

The integration supports the following primary use cases:

Federated SSO access for enterprise users
Just-in-time (JIT) user provisioning
Catalog metadata delivery
Enrollment provisioning
Enrollment deep-linking
Status reporting and xAPI event delivery

Identity and Access Management

SSO via SAML IdP

Each enterprise customer is provisioned with a dedicated SAML Identity Provider (IdP) in Open edX.
Open edX functions as a SAML Service Provider (SP).
Users are authenticated via SSO upon clicking deep links to Open edX.

Just-in-Time User Provisioning

Users are JIT provisioned upon first successful SSO login.
User attributes (e.g., email, name, external_id) are extracted from the SAML assertion, and the Open edX account is linked to the associated enterprise customer.

SCIM

The System for Cross-domain Identity Management (SCIM)specification allows for centralized management of identity across cloud-based applications and services. This can work in conjunction with JIT provisioning by providing enterprise customers with the ability to fully offboard their employees once their employment is terminated. Or it can be used instead of JIT provisioning allowing the enterprise explicit control of account registrations.

Course Catalog Integration

Catalog Format

Open edX provides course metadata including:

Course title
Description
Duration
Delivery mode (e.g., self-paced, instructor-led)
Enrollment URL
Course image
Tags
Skills and other metadata

Delivery

Initial full push of the course catalog
Subsequent incremental updates as course metadata changes
Push initiated via webhook or integration adapter

Enrollment Provisioning

Deep Link Enrollment

Each course in the catalog includes an enrollment URL.
When clicked by an authenticated employee:
- If not already enrolled, the user is enrolled automatically
- If not yet provisioned, the user is JIT provisioned and enrolled

API-Based Enrollment

HRMS/SIS may call the Open edX Enterprise Enrollment API to enroll users in courses.
Enrollment API accepts identifiers such as email, course run ID, and enterprise customer UUID.
Users can be proactively enrolled ahead of first access (pending enrollment)
Pending enrollments are visible in reporting and will be updated upon login

Enrollment Lifecycle

State	Description
Pending	User is enrolled via API, but has not logged in
Active	User logged in and enrollment is fully active
Completed	User completed the course
Failed	User did not pass (if applicable)
Expired	Course run has ended

Tracking and Event Delivery

Bulk Data Retrieval

Enrollment and progress data can be pushed via secure file delivery or can be retrieved through a data API.

xAPI Support

Open edX will emit selected xAPI statements to the HRMS/SIS Learning Record Store (LRS).

Key Events

Examples below are from edx-enterprise

Enrollment Created

{
  "id": "d0df8e65-f9ae-4c72-951e-7ae25cc69157",
  "actor": {
    "objectType": "Agent",
    "mbox": "mailto:staff@example.com",
    "name": "staff"
  },
  "verb": {
    "id": "http://adlnet.gov/expapi/verbs/registered",
    "display": {}
  },
  "context": {
    "extensions": {}
  },
  "timestamp": "2018-08-15T09:18:31.066Z",
  "stored": "2018-08-15T09:18:31.066Z",
  "authority": {
    "account": {},
    "objectType": "Agent",
    "name": "Test Account"
  },
  "version": "1.0.1",
  "object": {
    "id": "http://adlnet.gov/expapi/activities/course",
    "definition": {},
    "objectType": "Activity"
  }
}

Course Completed

{
  "id": "90cd19fd-73aa-475d-82ba-117c7ea04756",
  "actor": {
    "objectType": "Agent",
    "mbox": "mailto:staff@example.com",
    "name": "staff"
  },
  "verb": {
    "id": "http://adlnet.gov/expapi/verbs/completed",
    "display": {}
  },
  "result": {
    "score": {},
    "success": true,
    "completion": true
  },
  "context": {
    "extensions": {}
  },
  "timestamp": "2018-08-15T11:22:52.113Z",
  "stored": "2018-08-15T11:22:52.113Z",
  "authority": {
    "account": {},
    "objectType": "Agent",
    "name": "Test Account"
  },
  "version": "1.0.1",
  "object": {
    "id": "http://adlnet.gov/expapi/activities/course",
    "definition": {},
    "objectType": "Activity"
  }
}

Delivery Method

xAPI events will be delivered via HTTPS to the HRMS/SIS xAPI LRS endpoint
Open edX will buffer and retry on delivery failures

Additional Features

Enterprise Connectors

As it is likely that Open edX service providers are likely to encounter the same HRMS, SIS and LMS platforms, connectors that build on top of the core capabilities of catalog, enrollment, data and identity would enable turnkey integrations.

Detailed requirements for enterprise connectors are out of scope of this document.

Enterprise Portal

View learner data
Manage enrollments
Manage enrollments

Enterprise Roles

Admin – manage enrollments
Data – view enrollment and progress data

Enrollment Codes

While not a core capability, the ability to distribute enrollment codes is often requested by enterprise customers.

Group-Based Access

Enterprise learner groups can be defined to assign employees to distinct groups within the enterprise customer (customer-scoped cohorts).

Insights

Course, class and learner insights from Aspects.
Data segregated by enterprise customer

[Proposal] Enterprise Integration