Learner Hub : Enable Single Sign-On (SSO)

Joane Bonghanoy
Updated

Learner Hub SSO redirects learners to their IdP (Azure / Okta) upon signing in. This articles lists the steps required to enable Learner Hub SSO. 

  Requirements

  1. Ensure you have enabled Learner Hub
  2. Follow and read through the guide Getting Prepared for Learner Hub prior to enabling SSO. 
  3. Creating a new Enterprise App is not required unless Admin Single Sign-On (SSO) has been configured. 

Configure Learner Hub SSO in Azure

  1. Set-up Azure AD
    1. Sign in to Azure Portal, select Enterprise applications, New Application
    2. Select Create your own application and follow through per screenshot below.
    3. User and Groups : In the newly created application, ensure you have assigned the appropriate Users and Groups.
    4. Basic SAML Configuration : In the app created, navigate to Single sign-on > Basic SAML Configuration > Edit.

    5. Basic SAML Configuration : Enter details as below under Basic SAML Configuration and hit Save once done.

       

      Azure Field Information to be Added
      Identifier (Entity ID)
      • AU = urn:amazon:cognito:sp:ap-southeast-2_7K7i2on5r
      • UK = urn:amazon:cognito:sp:eu-west-2_OOB2k0ZkU
      Reply URL (Assertion Consumer Service URL)
      Sign On URL(optional)

       

    6. Attributes and Claims : Final result should look like below screenshots.
      LH SSO 4.png

       

    7. Attributes and Claims : To edit and map, follow through screenshots below.

        Warning

      1. There are attributes that are saved by default (long string URL), please ensure those are all removed / deleted.
      2. If your organisation have different userPrincipalname and primary email address (meaning users do not have 1 to 1 userPrincipalname and email address) then, Claim Name: email address value should be the same attribute that is synched to the platform. 
        Scenario: 
        You are synching your userPrincipalname as mail attribute via Azure SCIM (Map Attributes) to the platform.You have users who have different userPrincipalname and email address in your organisation then your Claim Name: emailaddress should be map to userPrincipalname and not mail.

       

       

       

    8. SAML Certificates : 
      1. Navigate to  Single sign-on
      2. Select SAML Certificates, copy App Federation Metadata URL and keep it for later to configure in Phriendly Phishing platform.
  2. Set-up SSO in the Phriendly Phishing Platform
    1. Login to Phriendly Phishing
    2. Navigate to Settings > Learner Hub > Learner Hub SSO Setting > Enabled
    3. Copy the Metadata URL saved from Azure Portal and Save Settings
  3. Log-in to Learner Hub using SSO
    1. Login to Learner Hub, input registered email address.
    2. After entering the email, it will automatically redirect the Learner to Microsoft log-in page.
      LH SSO 10.png
    3. After successful login, learner is directed to Learner Hub. LH SSO 11.png

Configure Learner Hub SSO in Okta

  Requirement
Okta Super Admin credential is required.

  1. Set-up Okta
    1. Sign into Okta Portal, choose Applications (left hand menu)
    2. Select Create App Integration
    3. Choose SAML 2.0 option and click Next
    4. Input App name 

    5. In Create SAML Integration, enter below details,

       Information

       

  2. Set-up SSO in Phriendly Phishing Platform
    1. Login to Phriendly Phishing
    2. Navigate to Settings > Learner Hub > Learner Hub SSO Setting > Enabled
    3. Copy the Metadata URL saved from Okta Portal and Save Settings.
  3. Log-in to Learner Hub using SSO
    1. Log into Learner Hub, input registered email address
    2. After entering the email, it will automatically redirect the Learner to the okta log-in page.
      Image 1 of 1
 Congratulations! You have now configured Learner Hub access via Single Sign-On.

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.