SSO
Overview
Single Sign-On (SSO) allows your users to access Learn Amp using their existing corporate credentials. This streamlines the login experience and enhances security by leveraging your organisation's identity management system.
With SSO enabled, users can log in without needing separate Learn Amp credentials—reducing friction and support requests while maintaining enterprise-grade security.
Functionality Breakdown
SSO works by authenticating users against your organisation's identity provider. When enabled:
Users see an SSO login button on the sign-in page
Clicking the button redirects them to your identity provider
After successful authentication, they're logged into Learn Amp automatically
A unique identifier from your identity provider is linked to their Learn Amp account
You can offer SSO alongside standard email/password login, or configure SSO as the only login option for enhanced security.
Important: SSO authenticates existing user accounts only. Users must first be created in Learn Amp (manually, via CSV import, or through an HRIS integration) before they can sign in with SSO.
Supported Providers
Learn Amp integrates with the following SSO providers:
Provider | Authentication Protocol | Best For |
|---|---|---|
OAuth2 | Organisations using Google Workspace | |
Microsoft Office 365 | OpenID Connect | Microsoft 365 environments |
Azure Active Directory | OAuth2 | Azure AD user authentication |
Microsoft ADFS | SAML 1/2 | On-premise Active Directory Federation Services |
Okta | OAuth2 | Enterprise identity management |
Auth0 | OpenID Connect | Universal identity platform |
Slack | OAuth2 | Slack workspace authentication (requires Business+ plan) |
Tip: Our SSO service is flexible. If you'd like to use a provider not listed here, please get in touch—we may be able to accommodate your needs.
Pre-requisites
To use SSO with Learn Amp, you'll need:
An active subscription to one of the supported identity providers
Administrator access to your identity provider (for initial configuration)
Users already created in Learn Amp with email addresses matching those in your identity provider
Required User Roles
Action | Required Role |
|---|---|
Request SSO enablement | Owner or Admin |
Configure SSO settings | Learn Amp Support (on your behalf) |
Use SSO to sign in | Any user with a matching account |
To enable SSO for your company, please contact Learn Amp Support. We'll guide you through the setup process for your chosen provider.
FAQs
Q: Can users log in with both SSO and email/password?
Yes. By default, SSO appears alongside the standard login option. You can request to disable email/password login to enforce SSO-only access—contact Support to configure this.
Q: What happens if a user doesn't have a Learn Amp account?
They won't be able to sign in. SSO only authenticates existing accounts. Use an HRIS integration, CSV import, or manual user creation to provision accounts first.
Q: Can I enable multiple SSO providers?
Yes. You can enable multiple providers simultaneously, and users will see login buttons for each on the sign-in page.
Q: I have two accounts and use SSO. When I log out and back in, I keep being redirected to the wrong account. What's happening?
If you have access to multiple Learn Amp accounts using the same SSO identity, the system logs you into the first matching account. To switch accounts: log out completely from both Learn Amp and your identity provider, clear your browser cookies, then navigate directly to the correct account's login URL (e.g., yourcompany.learnamp.com).
Q: How do I enable SSO for my company?
Contact Learn Amp Support to request your preferred SSO provider. We'll enable the integration and guide you through any provider-specific configuration steps.
Q: Does SSO automatically create user accounts?
No. SSO only handles authentication (verifying identity). For automatic user provisioning, consider using an HRIS integration like Azure AD SCIM, Okta SCIM, or one of our other user sync options.
Q: Can I customise the SSO login button label?
Yes. Contact Support to set a custom label for your SSO button (e.g., "Login with Company SSO").
Troubleshooting
Issue | Solution |
|---|---|
SSO button not appearing | Ensure SSO is enabled for your company. Contact Support if you've requested SSO but don't see the option. |
"User not found" error | The email in your identity provider must exactly match the user's Learn Amp email address. |
Redirected to wrong account | Log out from both Learn Amp and your identity provider, clear browser cookies, then navigate directly to the correct account URL. |
SSO login failing | Verify your identity provider configuration. For SAML-based SSO (ADFS), check that certificates haven't expired. |
Can't disable password login | Contact Support to configure SSO-only authentication for your company. |
First-time login shows permission request | This is normal. Users grant permission once during their first SSO login; subsequent logins won't require it. |
Related Articles
Last Reviewed: December 2024