Here's an overview of how an LMS interacts with Content Controller. It is notable that "authentication" in the normal sense isn't happening here - the SCORM standard has no concept of users or passwords, and the learners are not "authenticating" against Content Controller in any meaningful sense: the LMS handles authenticating learners. All we are doing is making a set of content available if an learner has been given access to an appropriate Dispatch package by your LMS.
Here's how the process works:
- You import a course into Content Controller.
- Content Controller generates a SCORM Dispatch package. For an overview of how dispatch packages work, please see this article.
- You or your customer load the Dispatch package into an LMS.
- When a learner elects to take a dispatched course in the LMS, the LMS directs the learner's browser to the Dispatch package content.
- This Dispatch package contains a set of tokens which are passed via a URL to Content Controller. Content Controller then uses the tokens in conjunction with the learner ID (provided by the LMS) to determine if access to the course content should be granted. Content Controller tracks the number of users / launches / and the dates of access to content via the dispatch package. Content Controller is designed to gate this access upon hitting configurable preset limits across all 3 of these dimensions. Additionally, Dispatch packages (Content that has been shared) can have their access revoked at anytime by deactivating the course in the Account/ Content user interface
The learners at no time have access to any interactive functions of the Content Controller administrative interface or API - all that Content Controller is doing is determining whether they're able to access the course content, launch the course, and record the results of their course.
The tokens are static, and are passed via a URL - they're bound to the dispatch package that you generate.