Integrate Azure SAML SSO with LearnUpon

Summary

Set up an integration between Azure (https://azure.microsoft.com/en-us/) and LearnUpon. Azure is a robust cloud computing solution.

SSO integration is available depending on your LearnUpon plan.

Azure's integration provides Single Sign-On (SSO) capacity:

• Users create a single set of credentials with Azure.
• Azure lets users log in to many applications, including LearnUpon, with these credentials.
• Azure keeps users' login details separate from their LearnUpon usage data.

Azure never "sees" or records what courses users take, or their course outcomes. The Azure integration only provides access to their LearnUpon account. Adding Azure as a login option means LearnUpon admins can manage users in a centralized location

Prerequisites

To set up Azure SAML SSO you need:

• SAML SSO enabled for your portal - see Set up SAML SSO for your portal
• An Azure account with Administrator permissions

Setting up Azure

From your Azure Portal Dashboard:

• In the top search bar, search for Enterprise Applications
  
  • Or, select Enterprise Applications from the left-hand menu
• Select New Application
  
• In the search bar, enter LearnUpon
• Select the LearnUpon App
• Select the blue Add app button

On the Enterprise Application > LearnUpon - Overview page select Set up single sign on:

• Select SAML as the Single Sign On Type
• Select Edit in the 1. Basic SAML Configuration box
  
  • Identifier to:

    https://yourportal.learnupon.com

  • Set Reply URL to:

    https://yourportal.learnupon.com/saml/consumer

  • Set Sign on URL, Relay State, and Logout URL to a blank field
  • Select Save
• Select Edit in the 3. SAML Signing Certificate box
  
  • Set Signing Option to Sign SAML Assertion
  • Set Signing Algorithm to SHA-1
    
  • This page also contains the X509 Certificate Thumbprint/ Fingerprint
    • The Thumbprint will be added to your LearnUpon settings
  • Select Save

Redirect URI

You can set a redirect_uri parameter with SSO, to redirect SSO users to a specific a web address after they log in.

Redirect the user to your catalog

https://yourportal.learnupon.com/saml/init?redirect_uri=/catalog 

Redirect to a specific course on the catalog

https://yourportal.learnupon.com/saml/init?redirect_uri=/catalog/{course_id}

This example requires the destination course's ID in LearnUpon. You can extract {course_id} from our API, or you might have the IDs stored on your own site.

Launch a specific course for the user

https://yourportal.learnupon.com/saml/init?redirect_uri=/enrollments/{enrollment_id}

This example requires the enrollment ID that you want to launch: the application generates this identifier when you enroll users. You can extract {enrollment_id} from our API for a user. 

Tip:​ To launch the course description page when the enrollment starts, add %3Fvd%3D1 to the end of your redirect_uri, which sends LearnUpon a redirect parameter of ?vd=1.

Redirect the user to your store

https: //yourportal.learnupon.com/saml/init?redirect_uri=/store 

Redirect to a specific course on the store

https://yourportal.learnupon.com/saml/init?redirect_uri=/store/{course_id} 

This example requires the destination course's ID in LearnUpon. You can extract {course_id} from our API,  or you might have the IDs stored on your own site.

Disable login page

See: Set up SAML SSO for your portal

If you select Disable portal login page in Settings > Integrations> SAML SSO > General Settings, you can still access the portal login page by adding users/sign_in?no_sso=true to the standard portal URL. For example: 

companyname.learnupon.com/users/sign_in?no_sso=true

Note: when you log in through SSO, you are authenticated for a single portal, rather than all your portals.

The portal switcher in your top navigation bar shows only the portals where you are already logged in. To retain access to all your portals through the portal switcher, log in through the LearnUpon sign-in page, by adding users/sign_in?no_sso=true suffix to your portal URL.