Azure AD SSO Setup

<< Click to Display Table of Contents >>

Navigation:  Technical specifications >

Azure AD SSO Setup

Important!

For Intellek to continue to support you and your LMS, we offer the ability for Users to login via a separate login page. External Contacts with prior access to the LMS will also need to use this separate login page.

Your LMS must have all user data imported prior to setting up Azure AD SSO.

Intellek has already or will establish a test environment for testing your SSO connection prior to enabling SSO on your live LMS instance. Before proceeding with the following steps insure you have your test site and your live site URIs handy.

Users’ Login in the LMS (User_Identifier in the import) MUST match their Azure Active Directory User name

Please note the Intellek LMS uses OpenID Connect for Single sign on. SAML is not supported.

The LMS is configured with an SSO timeout of two hours. After two hours of inactivity, Users will be redirected to the LMS login page.

Need more guidance?  Contact support@Intellek.io or watch our how-to video on this topic:

expandedRegister your application with your AD tenant 

First, register your application with your Azure Active Directory (Azure AD) tenant. This will give you an Application ID for your application, as well as enable it to receive tokens. 

1.Sign in to the Azure portal

2.If you have more than one Azure AD tenant, choose your Azure AD tenant by selecting your account in the top-right corner of the page, followed by selecting the Switch Directory navigation and then selecting the appropriate tenant. 

3.In the Azure portal, search for and select Azure Active Directory

4.In the Azure Active Directory left menu, select App registrations. Click to add a New registration

new

5.From the Register an application page, follow the prompts and create a new application. 

Name is the application name and describes your application to end users. example: Intellek LMS SSO

Under Supported account types, select Accounts in any organizational directory only.

account type

6.Specify the Redirect URI.  - (Note: These instructions are for LMS v3. For LMS v4, see SSO Callback Configuration LMS v4.)

oSelect Web from the dropdown

oEnter https://[Intellek_LMS_URL]/authorization-code/callback where [Intellek_LMS_URL] is your LMS URL. 

Important!

Intellek has already or will establish a test environment for testing your SSO connection prior to enabling SSO on your live LMS instance. Complete all steps on this page for your test site. Once you've fully tested SSO in your test site:

Return to your Azure application

Navigate to Single Sign On

Click on your Application Name

Navigate to Authentication

Click Add URI to add your live site URI

azure add uri

Click Register then Overview to overview your application.

azure register

7.Navigate to Certificates & secrets in the left menu.

certs and secrets

8.Click to add a New client secret.

new c secret

9.From the Add a client secret section

Enter a Description. example: Intellek LMS

Define your preferred expiration setting and add a reminder in your calendar to renew the client secret prior to that date.

Click Add

expiry secret

Important!

When setting up the AAD application we highly recommend putting a calendar reminder for your team prior to the expiry date of the client secret. If it is not renewed before expiration, users will be unable to log into the LMS.

10.Copy/paste the Value (Client secret) in a safe place to use in later steps.  You won’t be able to copy it once you navigate away from this page.

copy secret

11.Click Overview from the left panel. Once you've completed registration, Azure AD will assign your application a unique client identifier (the Application ID). Copy/paste this ID in a safe place to use in later steps.

copy app ID

12.Find and copy/paste your Azure AD tenant name in a safe place to use in later steps.

Open the Custom domain names page. Find a domain that ends with .onmicrosoft.com. Copy/paste the tenant name in a safe place to use in later steps.

domain names
expandedLMS v4 SSO Configuration

All clients using SSO must add a new LMS v4 callback URL to their SSO application to ensure proper functionality after the LMS v4 upgrade is completed. See instructions below for the supported SSO providers.

Azure SSO Callback Configuration

The new callback URI is designed for a Single-page application (SPA) in LMS v4, which is different from the Web application method used in LMS v3.  

Note that this callback can be added in advance of your upgrade and in addition to your LMSv3 callback.

LMSv4 SSOAzureCallback1

LMSv4 SSOAzureCallback2

Sample List of Redirect URIs:

LMSv4 RedirectURLsAzureSSO

OKTA Single Sign-On

See Okta OpenID SSO LMSv4

ADFS Single Sign-On

Instructions coming soon.
expandedConfiguring the LMS to use Azure AD 

1.Important! Users’ Login in the LMS (User_Identifier in the import) MUST match their Azure Active Directory User name 

2.Contact Intellek Support (support@Intellek.io) with the following information from your Azure portal 

oApplication (client) ID 

oClient secret for the above application 

oYour Azure AD tenant name (not to be confused with tenant ID)  - for example companyname.onmicrosoft.com

3.Intellek will configure your LMS instance with the above settings.