Log in seamlessly through your identity provider
LearnUpon uses Open ID Connect (OIDC) to let customers who use identity providers (IdPs) like Okta, OneLogin, G Suite, Salesforce or Microsoft Active Directory/ADFS, sign in their users automatically.
Availability: all customers upon request
OIDC lets a user authenticated on one system sign in to another system automatically, without typing a username and password. This process is known as Single Sign-On (SSO). OIDC formats data differently than Security Assertion Markup Language (SAML). OIDC operates on top of the OAuth 2.0 protocol.
LearnUpon supports a single OIDC configuration per portal.
Speak to your Customer Success Manager or Implementation Consultant to determine which SSO configuration works best for your organization.
Note: LearnUpon does not support Azure AD B2C (business to consumer) OIDC. Microsoft is discontinuing support for this product.
Access permissions
- admins with full portal permissions: can set up OIDC SSO
This feature is available in both top-level portals and sub-portals. If you use sub-portals, you set OIDC configuration separately for each portal.
Prerequisites
- OIDC SSO turned on for your portal
Obtain URI value from LearnUpon
- Navigate to your portal Settings > Integrations > OIDC.
- Copy the Redirect URI.
- Save the Redirect URI in a safe place to be used in your IdP.
Setup in your identity provider
In your IdP, create your LearnUpon OIDC web application. The exact terms for fields in the identity provider may vary.
- Choose OIDC - OpenID Connect as your sign-in method.
- Set an App Name.
- Copy the saved Redirect URI from LearnUpon in your OIDC web application.
- Optional: set a sign-out redirect URI.
- Configure your organization’s app access controls.
- Save to finish.
Setup in LearnUpon
- From main navigation go to Settings > Integrations > OIDC.
- From OIDC Configuration, make the following entries:
- Enabled?: select to activate OIDC for your portal
- Issuer: enter unique identifier of your OIDC provider (example: https://accounts.google.com)
- Client ID: copy and paste the generated Client ID from your IdP OIDC web application
- Client Secret: copy and paste the generated Client Secret from your IdP OIDC web application
- POST Logout URL (optional): destination URL for users who select Sign Out on the portal
- Create users if they do not exist: toggle the option to allow new user creation
- Disable portal login page (optional): to redirect users to the IdP SSO URL
- Submit to finish this section.
See: