Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Known Limitations/ Considerations

User accounts: This integration only authenticates existing user accounts. Any users in your Active Directory, who do not have Learn Amp accounts with a matching email address, will not be able to sign in until their user account has been set up in Learn Amp. We recommend automating user account creation with Azure Active Directory Integration for User Provisioning or sFTP. User Unique ID: Learn Amp authenticates user access by comparing the email field in Learn Amp and the UserPrincialName (UPN) field in ADFS.Learn Amp user accounts should be created with an email matching the UserPrincipalName field in Azure AD for the SSO integration to work.

...

How the Platforms Connect

Learn Amp authenticates users against the Microsoft ADFS (Authorization Server using OpenID Connect) using SAML 1 or SAML 2.

When setting up the integration, you will need to provide us with:

We can provide a federation metadata XML file, which you will use within your ADFS configuration, to set up Learn Amp as a Relying Party trust. Please open a support ticket, to request this.

Once the information above has been provided, the integration will be enabled and configured to then be testedLearn Amp will enable and configure the integration for you.

Drawio sketch
mVer2
zoom1
simple0
inComment0
pageId376668161
custContentId375750783
lbox1
diagramDisplayNameADFS Flow chart
contentVer2
revision2
baseUrlhttps://learnamp.atlassian.net/wiki
diagramNameADFS Flow chart
pCenter0
width792
links
tbstyle
height776

...

Permissions/Scopes Required

For SSO with MS ADFS to work effectively, the following permission scope is required by the integration:

...

titleUser.Read

...

The Replying Party trust settings will define what information is shared with Learn Amp in your Microsoft ADFS configuration.

...

Required Stakeholders

To set up our Integration with Microsoft ADFS, you will need somebody with administrator level access to your Microsoft ADFS. This person will also need administrator level access to your Learn Amp Live account for the period of time in which the Integration is being set up.

...

Set up Instructions

Full instructions on how to set up the Azure AD ADFS integration can be found within your Learn Amp account. Please go to yourdomain.learnamp.com/en/integrations/wsfed.

...

Other Frequently Asked Questions

Expand
titleWhat user field in Microsoft ADFS does Learn Amp use to authenticate users?

LearnAmp authenticates users by the ‘UserPrincipleName’ field in Azure AD. If you would like to use the ‘mail’ field please speak to your implementation coachYour ADFS relying party trust will define which fields ADFS shares with Learn Amp. We require the “UserPrincipalName” UPN field, and “Email”, as well as first name and last name.

Expand
titleWhat authentication protocol does Learn Amp use to authenticate user accounts?

Learn Amp uses OAuth2 SAML 1 or SAML 2 to authenticate user accounts.

...