Microsoft ADFS SSO Integration

Integration Summary
Microsoft ADFS enables your users to sign in with single sign-on access. We integrate with Microsoft ADFS to provide you with a seamless login experience, safely and securely. If your company already uses Microsoft ADFS, you can quickly and easily enable allow your employees to use their single sign-on details to access Learn Amp.

Main Features

Enjoy a seamless login experience between Learn Amp and Microsoft ADFS.

Your employees will be able to sign into the Learn Amp platform with their Microsoft ADFS single sign-on details.
Signing in is quick and easy, while remaining safe and secure.

Known Limitations/ Considerations

User accounts: This integration only authenticates existing user accounts. Any users in your Active Directory, who do not have Learn Amp accounts with a matching email address, will not be able to sign in until their user account has been set up in Learn Amp.

How the Platforms Connect

Learn Amp authenticates users against the Microsoft ADFS (Authorization Server) using SAML 1 or SAML 2.

When setting up the integration, you will need to provide us with:

The URL of your Identity Provider (IdP). e.g. https://sso.yourcompany.com/adfs/services/trust
The IdP endpoint (URL) to which the authentication request should be sent. e.g. https://sso.yourcompany.com/adfs/ls
The idp cert fingerprint. The SHA1 fingerprint of the IdP's signing certificate (e.g. "90:CC:16:F0:8D"). This is provided by the IdP when setting up the trust relationship.

We can provide a federation metadata XML file, which you will use within your ADFS configuration, to set up Learn Amp as a Relying Party trust. Please open a support ticket, to request this.

Once the information above has been provided, Learn Amp will enable and configure the integration for you.

Permissions/Scopes Required

The Replying Party trust settings will define what information is shared with Learn Amp in your Microsoft ADFS configuration.

Required Stakeholders

To set up our Integration with Microsoft ADFS, you will need somebody with administrator level access to your Microsoft ADFS. This person will also need administrator level access to your Learn Amp Live account for the period of time in which the Integration is being set up.

Set up Instructions

Full instructions on how to set up the ADFS integration can be found within your Learn Amp account. Please go to yourdomain.learnamp.com/en/integrations/wsfed.

Other Frequently Asked Questions

Your ADFS relying party trust will define which fields ADFS shares with Learn Amp. We require the “UserPrincipalName” UPN field, and “Email”, as well as first name and last name.

Learn Amp uses SAML 1 or SAML 2 to authenticate user accounts.

We store the The URL of your Identity Provider, IDP endpoint and The IDP cert fingerprint when setting up the Integration.

Yes. You can use MS ADFS SSO in combination with email and password login. This allows other users to access Learn Amp without authenticating with ADFS.