Azure Active Directory SSO Integration

Integration Summary
Azure Active Directory enables your users to sign in with their single sign-on details. We integrate with Azure Active Directory to provide you with a seamless login experience that is both safe and secure. If your company already uses Azure Active Directory, you can quickly and easily enable your employees to use their single sign-on details to access Learn Amp.


Main Features

Enjoy a seamless login experience between Learn Amp and Azure Active Directory.

  • Your employees will be able to sign into the Learn Amp platform with their Azure Active Directory single sign-on details.

  • Signing in is quick and easy, while remaining safe and secure.

  • This integration can be used in combination with our Azure Active Directory User Provisioning Integration if you require automatic synchronisation of user accounts with Learn Amp.


Known Limitations/Considerations

User accounts: This integration only authenticates existing user accounts. Any users in your Active Directory who do not have Learn Amp accounts will not be able to sign in until their user account has been set up in Learn Amp. We recommend automating user account creation with Azure Active Directory Integration for User Provisioning or sFTP.

User Unique ID: Learn Amp authenticates user access by comparing the email field in Learn Amp and the UserPrincipalName (UPN) field in Azure AD. Learn Amp user accounts should be created with an email matching the UserPrincipalName field in Azure AD for the SSO integration to work.


How the Platforms Connect

Learn Amp authenticates users against Azure AD using OpenID Connect. When setting up the integration, you will be asked to provide your Azure AD Tenant ID, then provide admin consent to allow your users to log in to Learn Amp using OpenID. Once permissions have been granted, all users of your Active Directory who have a corresponding Learn Amp account will be able to sign in.
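The UPN-to-email matching rule under User Unique ID, together with the Tenant ID binding described here, as an added example (not Learn Amp's own code). It assumes the ID token's signature, audience and expiry have already been verified by an OIDC library; resolve_account, SignInRejected and the account store are hypothetical names, and the tenant and user values are constructed.

```python
# Added example: account resolution after an Azure AD OpenID Connect sign-in.
# Assumes the ID token's signature, audience and expiry were already verified
# by an OIDC library; only the tenant and account-matching checks are shown.

class SignInRejected(Exception):
    """Raised when verified claims do not map to an allowed local account."""


def resolve_account(claims, configured_tenant_id, accounts_by_email):
    """Return the local account for a set of verified ID token claims.

    claims               -- dict of claims from a verified ID token
    configured_tenant_id -- Tenant ID entered when the integration was set up
    accounts_by_email    -- hypothetical store: lower-cased email -> account
    """
    tenant = configured_tenant_id.lower()

    # Bind the token to the configured tenant: both the tid claim and the
    # issuer must name it, otherwise a UPN from another directory could match.
    if str(claims.get("tid", "")).lower() != tenant:
        raise SignInRejected("token issued for a different tenant")
    expected_iss = f"https://login.microsoftonline.com/{tenant}/v2.0"
    if str(claims.get("iss", "")).lower() != expected_iss:
        raise SignInRejected("unexpected issuer")

    # v2.0 tokens usually carry the UPN in preferred_username; upn is optional.
    upn = claims.get("upn") or claims.get("preferred_username")
    if not upn:
        raise SignInRejected("token has no UserPrincipalName claim")

    # UPN and email are compared case-insensitively; no account is created
    # here, so directory users without a local account are turned away.
    account = accounts_by_email.get(upn.strip().lower())
    if account is None:
        raise SignInRejected("no account with an email matching the UPN")
    return account


# Constructed sample data (not real tenant or user values).
TENANT = "11111111-2222-3333-4444-555555555555"
ACCOUNTS = {"ada@example.com": {"id": 1, "email": "ada@example.com"}}
SAMPLE_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "tid": TENANT,
    "preferred_username": "Ada@Example.com",
}

if __name__ == "__main__":
    print(resolve_account(SAMPLE_CLAIMS, TENANT, ACCOUNTS))
```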

 


Permissions/Scopes Required

For SSO with Azure AD to work effectively, the following permission scope is required by the integration:

This scope is used to fetch user details, so Learn Amp users can be authenticated.


Required Stakeholders

To set up our Integration with Azure AD, you will need somebody with administrator level access to your Azure AD account. This person will also need administrator level access to your Learn Amp Live account for the period of time in which the Integration is being set up.


Set up Instructions

Full instructions on how to set up the Azure AD integration can be found within your Learn Amp account. Please go to yourdomain.learnamp.com/en/integrations/azureactivedirectory


Other Frequently Asked Questions

Learn Amp authenticates users by the ‘UserPrincipalName’ field in Azure AD. If you would like to use the ‘mail’ field, please speak to your implementation coach.

Learn Amp uses OAuth2 to authenticate user accounts.

We store the Tenant ID of your Azure AD. This is stored in an encrypted field (not in plain text) within our production database. The tenant ID is not kept in any file or other shareable/downloadable format.

Yes. You can use Azure AD SSO in combination with email and password login. This allows other users to access Learn Amp without authenticating with Azure AD.