Important! •For Intellek to continue to support you and your LMS, we offer the ability for Users to login via a separate login page. External Contacts with prior access to the LMS will also need to use this separate login page. •Your LMS must have all user data imported prior to setting up Azure AD SSO. •Intellek has already or will establish a test environment for testing your SSO connection prior to enabling SSO on your live LMS instance. Before proceeding with the following steps insure you have your test site and your live site URIs handy. •Users’ Login in the LMS (User_Identifier in the import) MUST match their Azure Active Directory User name •Please note the Intellek LMS uses OpenID Connect for Single sign on. SAML is not supported. |
Need more guidance? Contact support@Intellek.io or watch our how-to video on this topic:
Register your application with your AD tenant
First, register your application with your Azure Active Directory (Azure AD) tenant. This will give you an Application ID for your application, as well as enable it to receive tokens.
1.Sign in to the Azure portal.
2.If you have more than one Azure AD tenant, choose your Azure AD tenant by selecting your account in the top-right corner of the page, followed by selecting the Switch Directory navigation and then selecting the appropriate tenant.
3.In the Azure portal, search for and select Azure Active Directory.
4.In the Azure Active Directory left menu, select App registrations. Click to add a New registration.
5.From the Register an application page, follow the prompts and create a new application.
•Name is the application name and describes your application to end users. example: Intellek LMS SSO
•Under Supported account types, select Accounts in any organizational directory only.
•Provide the Redirect URI.
oSelect Web from the dropdown
oEnter https://[Intellek_LMS_URL]/authorization-code/callback. Replace [Intellek_LMS_URL] with your LMS TEST site url.
Important! Intellek has already or will establish a test environment for testing your SSO connection prior to enabling SSO on your live LMS instance. Complete all steps on this page for your test site. Once you've fully tested SSO in your test site: ▪Return to your Azure application ▪Navigate to Single Sign On ▪Click on your Application Name ▪Navigate to Authentication ▪Click Add URI to add your live site URI
|
•Click Register then Overview to overview your application.
6.Navigate to Certificates & secrets in the left menu.
7.Click to add a New client secret.
8.From the Add a client secret section
•Enter a Description. example: Intellek LMS
•Define your preferred expiration setting and add a reminder in your calendar to renew the client secret prior to that date.
•Click Add
Important! When setting up the AAD application we highly recommend putting a calendar reminder for your team prior to the expiry date of the client secret. If it is not renewed before expiration, users will be unable to log into the LMS. |
9.Copy/paste the Value (Client secret) in a safe place to use in later steps. You won’t be able to copy it once you navigate away from this page.
10.Click Overview from the left panel. Once you've completed registration, Azure AD will assign your application a unique client identifier (the Application ID). Copy/paste this ID in a safe place to use in later steps.
11.Find and copy/paste your Azure AD tenant name in a safe place to use in later steps.
•Open the Custom domain names page. Find a domain that ends with .onmicrosoft.com. Copy/paste the tenant name in a safe place to use in later steps.
Configuring the LMS to use Azure AD
1.Important! Users’ Login in the LMS (User_Identifier in the import) MUST match their Azure Active Directory User name
2.Contact Intellek Support (support@Intellek.io) with the following information from your Azure portal
•Application (client) ID
•Client secret for the above application
•Your Azure AD tenant name (not to be confused with tenant ID) - for example companyname.onmicrosoft.com
3.Intellek will configure your LMS instance with the above settings.