Use Azure as identity provider (IdP) for a seamless login for learners
Microsoft Azure is a robust cloud computing solution.
Availability: all customers
Azure's integration provides Single Sign-On (SSO) capacity:
- Users create a single set of credentials with MS Azure
- Azure lets users log in to many applications, including LearnUpon, with these credentials
- Azure keeps users' login details separate from their LearnUpon usage data
Azure never "sees" or records what courses users take, or their course outcomes. The Azure integration only provides access to their LearnUpon account. Adding Azure as a login option means LearnUpon admins can manage users in a centralized location
Access permissions
- Admins with full portal permissions: can set up the feature
The admin setting up the integration requires access to an Azure admin account.
Prerequisites
To set up Azure SAML SSO you need:
- SAML SSO enabled for your portal
- any related custom user data fields set up in LearnUpon
Note: the YYYY-MM-DD format is required for custom user data fields that contain dates. This format supports integrations for LearnUpon like SSO SAML, and services like batch user upload and API automations.
See:
Setting up Azure
From your Azure Portal Dashboard:
- In the top search bar, search for Enterprise Applications
- Or, select Enterprise Applications from the left-hand menu
- Select New Application
- In the search bar, enter LearnUpon
- Select LearnUpon App
- Select Add app button
On the Enterprise Application > LearnUpon - Overview page select Set up single sign on:
- For Single Sign On Type select SAML
- in 1. Basic SAML Configuration select Edit
- Set Identifier to:
https://<yourportal.learnupon.com
- Set Reply URL to:
<https://yourportal.learnupon.com/saml/consumer
- Set Sign on URL, Relay State, and Logout URL to a blank field
- Select Save
- Set Identifier to:
- in 3. SAML Signing Certificate select Edit
- Set Signing Option to Sign SAML Assertion
- Set Signing Algorithm to SHA-1
- This page also contains the X509 Certificate Thumbprint/ Fingerprint
- The Thumbprint will be added to your LearnUpon settings
- Select Save
On the Enterprise Applications > LearnUpon - Properties page:
- User Access URL directs users directly to the LearnUpon Application after logging in without any further clicks
- User Assignment Required? setting specifies whether any user can access the LearnUpon Application or if they must first be assigned in the Users and Groups settings
Groups
Note: LearnUpon's Group Sync feature works in a SAML SSO environment only. It does not work in a native Azure Cloud setting: Microsoft limits Azure to send the group GUID only, instead of the name/title of the group.
For a hybrid Azure/Active Directory (Local) environment, you can configure Azure to allow the pass through of the Group name/title.
See Configure group claims for applications by using Microsoft Entra ID
LearnUpon is not responsible for content outside this website.
Redirect URI
You can set a redirect_uri parameter with SSO, to redirect SSO users to a specific a web address after they log in.
Redirect the user to your catalog
https://yourportal.learnupon.com/saml/init?redirect_uri=/catalog
Redirect to a specific course on the catalog
https://yourportal.learnupon.com/saml/init?redirect_uri=/catalog/{course_id}
This example requires the destination course's ID in LearnUpon. You can extract {course_id} from our API, or you might have the IDs stored on your own site.
Launch a specific course for the user
https://yourportal.learnupon.com/saml/init?redirect_uri=/enrollments/{enrollment_id}
This example requires the enrollment ID that you want to launch: the application generates this identifier when you enroll users. You can extract {enrollment_id} from our API for a user.
Tip: To launch the course description page when the enrollment starts, add %3Fvd%3D1
to the end of your redirect_uri, which sends LearnUpon a redirect parameter of ?vd=1
.
Redirect the user to your store
https: //yourportal.learnupon.com/saml/init?redirect_uri=/store
Redirect to a specific course on the store
https://yourportal.learnupon.com/saml/init?redirect_uri=/store/{course_id}
This example requires the destination course's ID in LearnUpon. You can extract {course_id} from our API, or you might have the IDs stored on your own site.
Disable login page
See: Set up SAML SSO for your portal
If you select Disable portal login page in Settings > Integrations> SAML SSO > General Settings, you can still access the portal login page by adding users/sign_in?no_sso=true
to the standard portal URL. For example:
companyname.learnupon.com/users/sign_in?no_sso=true
Note: when you log in through SSO, you are authenticated for a single portal, rather than all your portals.
The portal switcher in your top navigation bar shows only the portals where you are already logged in. To retain access to all your portals through the portal switcher, log in through the LearnUpon sign-in page, by adding users/sign_in?no_sso=true
suffix to your portal URL.
Next steps with SAML SSO
See SAML SSO: send default and custom user data to LearnUpon about setting up additional customization for learners, to improve their learning experience.