Set up an IdP to create and manage accounts
Use the SCIM 2.0 protocol with your identity provider (IdP) to create, read, update and deactivate accounts in LearnUpon.
For customers using an identity provider with basic authentication, such as Okta, SCIM (System for Cross-domain Identity Management) makes managing user identities in LearnUpon easier.
For bearer/token authentication see Portal: set up SCIM 2.0 with bearer-token authentication.
Availability: depends on your LearnUpon plan
SCIM 2.0 overview
The SCIM protocol is an application-level REST protocol for provisioning and managing identity data on the web. The protocol supports creation, discovery, retrieval, and modification of core identity resources.
LearnUpon lets you set up an identity provider, such as Okta, that uses SCIM 2.0 to create, read, update and deactivate accounts from a single source.
Currently, this provisioning works in one direction. You create or update accounts in the identity provider, and SCIM creates or updates the same details for a new account in LearnUpon.
You can't create new accounts in LearnUpon and export them to your identity provider.
Background
LearnUpon is not responsible for content outside this site.
- SCIM: System for Cross-Domain Identity Management
- Add SCIM provisioning to app integrations | Okta
- Okta Expression Language overview guide | Okta Developer
Prerequisites
For SCIM 2.0 your LearnUpon portal requires the following features turned on:
- LearnUpon API. See Use the LearnUpon API
- SSO. See Set up SAML SSO for your portal
With these features in place, you complete the setup for basic authentication in your identity provider, such as Okta.
Access permissions
- admins with full portal permissions: can set up this feature
SCIM is available in sub-portals. You set up each portal individually as required.
Add SCIM provisioning
Follow the instructions from your identity provider, such as Okta, for basic authentication. For example, see Add SCIM provisioning to app integrations | Okta.
Note: if your portal uses advanced passwords, you need to set up password synchronization in your identity provider.
See: Set advanced password requirements for the portal
Required LearnUpon details for setup
- SCIM connector base URL: https://yourportal.learnupon.com/api/v1/scim/
- Unique identifier field for users: email or userName
- Supported provisioning actions:
  - Import New Users and Profile Updates
  - Push New Users
  - Push Profile Updates
- Authentication Mode: Basic Auth, using your LearnUpon API key and password
Parameters available for update through SCIM 2.0
You can update the following parameters through SCIM. When you change them in your identity provider, the changes appear in LearnUpon:
- first_name
- last_name
- display_name
- username
- login_enabled
- portal_membership_type
Note: You cannot currently update custom user data fields through SCIM.
Set up attribute mapping from your identity provider to LearnUpon
In your identity provider app, you need to specify what data you want the identity provider to share with LearnUpon, and where to “push” it in LearnUpon when creating or changing a user’s profile.
For example, in Okta:
- userName parameter, for Username field in Okta's user profile, should contain your portal's unique identifier, either email or username
- userType attribute in Okta needs to map to one of the LearnUpon user types (case sensitive):
  - admin
  - member (a legacy term for learners)
  - manager
  - instructor
If your organization uses different userTypes, you can map them to one of the LearnUpon user types. For example, your organization can map director to the LearnUpon admin user type. Your identity provider will set up an admin account for every director in your organization.
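The userType mapping described above can be checked before it is entered in the identity provider. The following is an added example, not LearnUpon or Okta code: the function names and the sample mapping are hypothetical, and only the four user type values come from this page.

```python
# Added example: pre-flight check for an IdP userType -> LearnUpon user type mapping.
# The four target values come from the page; everything else is constructed.
LEARNUPON_USER_TYPES = ("admin", "member", "manager", "instructor")


def check_mapping(mapping):
    """Return (errors, admin_sources) for a {idp_userType: learnupon_type} dict."""
    errors, admin_sources = [], []
    for source, target in sorted(mapping.items()):
        if target in LEARNUPON_USER_TYPES:
            if target == "admin":
                admin_sources.append(source)  # review: these become admin accounts
            continue
        # Values are case sensitive, so "Admin" or " admin" is not a valid type.
        near = target.strip().lower()
        if near in LEARNUPON_USER_TYPES:
            errors.append(f"{source!r} -> {target!r}: wrong case or spacing, use {near!r}")
        else:
            errors.append(f"{source!r} -> {target!r}: not a LearnUpon user type")
    return errors, admin_sources


def resolve(idp_user_type, mapping):
    """Exact, case-sensitive lookup. None means the value has no valid mapping
    and needs a decision rather than a silent default."""
    target = mapping.get(idp_user_type)
    return target if target in LEARNUPON_USER_TYPES else None


# Constructed sample mapping (hypothetical organization values).
SAMPLE_MAPPING = {
    "director": "admin",
    "team-lead": "Manager",      # wrong case
    "trainer": "instructor",
    "employee": "member",
    "contractor": "learner",     # not a valid target; the page's value is "member"
}

if __name__ == "__main__":
    errs, admins = check_mapping(SAMPLE_MAPPING)
    for e in errs:
        print("ERROR:", e)
    print("IdP userTypes that will receive admin accounts:", admins)
```

The list of source values that resolve to admin is the part to review with whoever owns portal permissions, since every IdP user carrying one of those values is provisioned as an admin.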
See: