<< Click to Display Table of Contents >> Navigation: Technical specifications > Azure AD SSO Setup |
Important! •For Intellek to continue to support you and your LMS, we offer the ability for Users to login via a separate login page. External Contacts with prior access to the LMS will also need to use this separate login page. •Your LMS must have all user data imported prior to setting up Azure AD SSO. •Intellek has already or will establish a test environment for testing your SSO connection prior to enabling SSO on your live LMS instance. Before proceeding with the following steps insure you have your test site and your live site URIs handy. •Users’ Login in the LMS (User_Identifier in the import) MUST match their Azure Active Directory User name •Please note the Intellek LMS uses OpenID Connect for Single sign on. SAML is not supported. •The LMS is configured with an SSO timeout of two hours. After two hours of inactivity, Users will be redirected to the LMS login page. |
Need more guidance? Contact support@Intellek.io or watch our how-to video on this topic:
First, register your application with your Azure Active Directory (Azure AD) tenant. This will give you an Application ID for your application, as well as enable it to receive tokens. 1.Sign in to the Azure portal. 2.If you have more than one Azure AD tenant, choose your Azure AD tenant by selecting your account in the top-right corner of the page, followed by selecting the Switch Directory navigation and then selecting the appropriate tenant. 3.In the Azure portal, search for and select Azure Active Directory. 4.In the Azure Active Directory left menu, select App registrations. Click to add a New registration. 5.From the Register an application page, follow the prompts and create a new application. •Name is the application name and describes your application to end users. example: Intellek LMS SSO •Under Supported account types, select Accounts in any organizational directory only. 6.Specify the Redirect URI. - (Note: These instructions are for LMS v3. For LMS v4, see SSO Callback Configuration LMS v4.) oSelect Web from the dropdown oEnter https://[Intellek_LMS_URL]/authorization-code/callback where [Intellek_LMS_URL] is your LMS URL.
•Click Register then Overview to overview your application. 7.Navigate to Certificates & secrets in the left menu. 8.Click to add a New client secret. 9.From the Add a client secret section ▪Enter a Description. example: Intellek LMS ▪Define your preferred expiration setting and add a reminder in your calendar to renew the client secret prior to that date. ▪Click Add
10.Copy/paste the Value (Client secret) in a safe place to use in later steps. You won’t be able to copy it once you navigate away from this page. 11.Click Overview from the left panel. Once you've completed registration, Azure AD will assign your application a unique client identifier (the Application ID). Copy/paste this ID in a safe place to use in later steps. 12.Find and copy/paste your Azure AD tenant name in a safe place to use in later steps. •Open the Custom domain names page. Find a domain that ends with .onmicrosoft.com. Copy/paste the tenant name in a safe place to use in later steps. |
All clients using SSO must add a new LMS v4 callback URL to their SSO application to ensure proper functionality after the LMS v4 upgrade is completed. See instructions below for the supported SSO providers. Azure SSO Callback ConfigurationThe new callback URI is designed for a Single-page application (SPA) in LMS v4, which is different from the Web application method used in LMS v3. Note that this callback can be added in advance of your upgrade and in addition to your LMSv3 callback. Sample List of Redirect URIs: OKTA Single Sign-OnADFS Single Sign-OnInstructions coming soon. |
1.Important! Users’ Login in the LMS (User_Identifier in the import) MUST match their Azure Active Directory User name 2.Contact Intellek Support (support@Intellek.io) with the following information from your Azure portal oApplication (client) ID oClient secret for the above application oYour Azure AD tenant name (not to be confused with tenant ID) - for example companyname.onmicrosoft.com 3.Intellek will configure your LMS instance with the above settings. |