...
By connecting your Azure AD account to Learn Amp:
All of your users that are stored in Azure AD will automatically be synced in to Learn Amp You can specify the users you require to be synced from Azure AD to Learn Amp, via a Group within Active Directory.
New users added to your this Azure AD account group will automatically be added to Learn Amp.
Any changes to user details in Azure AD (Job Title, Department, etc.) will be reflected in Learn Amp.
You can choose when new users are invited to Learn Amp.
...
Information that can be synced
Our ‘Out of the box’ integration with Learn Amp is able to map information from a number of predefined standard mappable fields which have been detailed in the table below:
Field in Azure AD |
|---|
Field in Learn Amp | |
|---|---|
id | n/a |
accountenabled | n/a |
givenname | first_name |
surname | last_name |
preferredLanguage | language |
officeLocation | location |
department | department |
jobTitle | job_title |
userPrincipalName |
department | primary_team_name |
photo | avatar |
photo
managers/line managers
directReports | override manager |
employeeHireDate (only if populated in AD) | hire date |
| Info |
|---|
Department maps to department in a user profilebut also to the primary_team_name. |
...
Syncing Additional Information
Yes, It is possible to sync additional or different data points from Azure AD in to Learn Amp. For example, You may decide to sync employeeId into a Learn Amp custom field to assign unique identifiers to your users.
...
Known Limitations/ Considerations
Team Managers: The Azure AD integration will sync each individual users' manager into Learn Amp if the data is available to do so (directreports field in Azure AD). This is what is known as an Override Manager in Learn Amp. The Integration does not have the ability sync Team/Department managers in to into Learn Amp. However, Team managers can be configured within Learn Amp to work in conjunction with Override Managers. Your Implementation Coach can provide further details on this.
...
Permissions/Scopes Required
For our integration with Azure AD to work effectively, the following permissions copes scopes are requested from Learn Amp:
...
| Expand | ||
|---|---|---|
| ||
This scope is used to fetch user details, so Learn Amp users can be automatically created/updated/deactivated |
| Expand | ||
|---|---|---|
| ||
This scope is only used if MS Teams integration is enabled. |
| Expand | ||
|---|---|---|
| ||
This scope is only used if MS Teams integration is enabled. |
| Expand | ||
|---|---|---|
| ||
This scope is only used if MS Teams integration is enabled. |
| Expand | ||
|---|---|---|
| ||
This scope is only used if MS Teams integration is enabled. |
| Expand | ||
|---|---|---|
| ||
This scope is only used if MS Teams integration is enabled. |
| Expand | ||
|---|---|---|
| ||
This scope is only used if MS Teams integration is enabled. |
...
Required Stakeholders
To set up our Integration with Azure AD, you will need somebody with administrator level access to your Azure AD account. This person will also need administrator level access to your Learn Amp Live account for the period of time in which the Integration is being set up.
...
Set up Instructions
Full instructions on how to set up the Azure AD integration can be found within your Learn Amp account. Please go to yourdomain.learnamp.com/en/integrations/azure_ad
...
Other Frequently Asked Questions
| Expand | ||
|---|---|---|
| ||
Learn Amp’s integration uses the Microsoft Graph API. It does not use SCIM or SAML. |
| Expand | ||
|---|---|---|
| ||
You can sync users from a single tenant and group in Azure AD. We recommend creating a Learn Amp group in your Azure AD tenant. This should be a group that contains the users they’d like to have access to the Learn amp platform, whoever is in this group will by synced over to the Learn amp platform. Anyone who is removed from this group at any point will be deactivated. |
| Expand | ||
|---|---|---|
| ||
Yes. When setting up the Azure AD integration you will have the option to either send invitation emails or don’t invite automatically. Invitation emails can be issued at any time from the Individuals page in Learn Amp. |
| Expand | ||
|---|---|---|
| ||
Azure AD syncs with Learn amp Amp every 24hrs automatically, however, if someone is removed from the Active Directory group, or their details change etc., then Learn Amp will be notified via webhook, and re-fetch details for that user - these notifications can take 30 minutes to propagate to Learn Amp. Should the updated information still not appear in Learn Amp, press the ‘Import all from Azure Active Directory’ ‘Sync users’ button on the Azure Active Directory integration page within your Learn Amp account. |
| Expand | ||
|---|---|---|
| ||
You should always create new users or update existing users information in Azure AD, not In Learn Amp. Newly created or updated user information in Azure AD will automatically be synced to Learn Amp. |
...
| Expand | ||
|---|---|---|
| ||
Azure AD won’t sync team managers but can translate line management relationships using override managers in Learn Amp. When setting up the Azure AD integration, tick the box. ‘Assign override managers/Direct reports in Azure AD’. |
| Expand | ||
|---|---|---|
| ||
AzureAD syncs users into Primary Teams (i.e. from Department in Azure AD). This will override any manual changes to primary team membership in Learn Amp. Azure AD does not sync users to Secondary Teams. Users can be assigned to Secondary Teams in Learn Amp. The Azure AD integration will not override secondary team membership. AzureAD does NOT delete any teams. Teams can be deleted in Learn Amp. |
| Expand | ||||
|---|---|---|---|---|
| No, user provisioning uses Graph API
| |||
Timezone is not a standard mappable field in the Azure AD integration with Learn Amp. The default company timezone can be set in Learn Amp’s Company Settings. All individuals can set their own timezones in user profile settings. |
| Expand | ||
|---|---|---|
| ||
Tenant ID We store the tenant ID of your AzureAD. Security Group Object ID We must store the Object ID of the Security Group within AzureAD, which defines which users should be created/updated/deactivated automatically by the integration. This object ID is stored in plain text within the primary database. |
| Expand | ||
|---|---|---|
| ||
Yes. Learn Amp can also integrate with Azure AD to permit Single Sign On. This uses the OAuth2 protocol against your Azure AD tenant. Users are authenticated by the UserPrincipalName field in Azure AD. For full information, please see our integration page on Azure Active Directory Integration for Single Sign On. |
| Expand | ||
|---|---|---|
| ||
Yes. You can integrate Learn Amp with Azure AD for user provisioning without enabling the MS Teams integration for events and activity feeds. |
| Expand | ||
|---|---|---|
| ||
Yes. You can uncheck the option: ‘Assign override manager using Manager/Direct Reports in AzureAD’ while managing settings on AzureAD. |
| Expand | ||
|---|---|---|
| ||
Yes - please speak to our support team about custom mappings between Azure Active Directory and Learn Amp. |