...
Known Limitations/ Considerations
User accounts: This integration only authenticates existing user accounts. Any users in your Active Directory, who do not have Learn Amp accounts with a matching email address, will not be able to sign in until their user account has been set up in Learn Amp. User Unique ID: Learn Amp authenticates user access by comparing the email field in Learn Amp and the UserPrincialName (UPN) field in ADFS. Learn Amp user accounts should be created with an email matching the UserPrincipalName field in Azure AD for the SSO integration to work.
...
How the Platforms Connect
Learn Amp authenticates users against the Microsoft ADFS (Authorization Server) using OpenID ConnectSAML 1 or SAML 2.
When setting up the integration, you will need to provide us with:
The URL of your Identity Provider (IdP). e.g. https://sso.yourcompany.com/adfs/services/trust
The IdP endpoint (URL) to which the authentication request should be sent. e.g. https://sso.yourcompany.com/adfs/ls
The idp cert fingerprint. The SHA1 fingerprint of the IdP's signing certificate (e.g. "90:CC:16:F0:8D"). This is provided by the IdP when setting up the trust relationship.
We can provide a federation metadata XML file, which you will use within your ADFS configuration, to set up Learn Amp as a Relying Party trust. Please open a support ticket, to request this.
Once the information above has been provided, the integration will be enabled and configured to then be testedLearn Amp will enable and configure the integration for you.
Drawio sketch | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
Permissions/Scopes Required
For SSO with MS ADFS to work effectively, the following permission scope is required by the integration:
...
title | User.Read |
---|
...
The Replying Party trust settings will define what information is shared with Learn Amp in your Microsoft ADFS configuration.
...
Required Stakeholders
To set up our Integration with Microsoft ADFS, you will need somebody with administrator level access to your Microsoft ADFS. This person will also need administrator level access to your Learn Amp Live account for the period of time in which the Integration is being set up.
...
Set up Instructions
Full instructions on how to set up the Azure AD ADFS integration can be found within your Learn Amp account. Please go to yourdomain.learnamp.com/en/integrations/wsfed.
...
Other Frequently Asked Questions
Expand | ||
---|---|---|
| ||
LearnAmp authenticates users by the ‘UserPrincipleName’ field in Azure AD. If you would like to use the ‘mail’ field please speak to your implementation coachYour ADFS relying party trust will define which fields ADFS shares with Learn Amp. We require the “UserPrincipalName” UPN field, and “Email”, as well as first name and last name. |
Expand | ||
---|---|---|
| ||
Learn Amp uses OAuth2 SAML 1 or SAML 2 to authenticate user accounts. |
...