How do I set up Single Sign On (SSO) with Learnerbly?
We offer Single Sign On (SSO) for Learnerbly (i.e. allowing your users to log in using an external Identity Provider). We currently support Google/Gsuite and any provider that supports SAML.
Please note that you can only set up SSO with one Identity Provider at a time. You cannot have multiple identity providers active.
You can disable your SSO solution and return to a Magic Link-based login system at any time by clicking Disable once any of the providers have been activated.
Only admin users are allowed to add set up SSO.
Setting up SSO through Google is the quickest and simplest option. Visit the settings page for your organisation (Admin → Settings), scroll down to Identity Providers, and click Enable for Google.
Once Google has been enabled, your users will be redirected to the Google login screen when trying to log into Learnerbly. They can then sign in with their GSuite account, with no need for a password.
If you would like to test that this has been set up correctly, open a new private window or a browser in which you are not logged into Learnerbly. When you log into the platform, enter your email address and click Continue.
You will then be taken to the Google sign in screen, where you can select your GSuite account. If you have successfully logged in, you will then be redirected to our homepage.
If you or any users are having issues logging in via Google SSO, please ensure that the email for the GSuite account exactly matches the email assigned to the user's profile in Learnerbly.
You can update this if needed by going to Admin → People. Click on the name of the person you would like to edit, and then click on Edit Account Details on the left.
Okta
We assume that your organisation already have an Okta account and that your people's information has been onboarded onto this account. If you have not done so, please review Okta's Help Centre for more information.
If you would like to learn more about User Provisioning with Okta (i.e. syncing information between Okta and Learnerbly), please read this article.
⚠️ The Learnerbly Okta app does not support IdP Initiated Authentication. This means that if you would like your users to authenticate directly via Okta, you will need to create a separate bookmark app for Learnerbly. We will explain how to do so after you have connected Learnerbly to Okta as an Identity Provider.
Once you've logged into your organisation's Okta account, you will need to add Learnerbly as a new application to Okta.
Click on Applications → Applications → Browse App Catalog.
Search for Learnerbly in the search bar (make sure to spell our name correctly!)
Click on Learnerbly. Make sure that our app is not made visible to users or displayed in the Okta Mobile App, as users will not be able to log into Learnerbly via this application. We will explain how your users can log into Learnerbly directly through Okta by creating a Bookmark Application momentarily.
Once Learnerbly has been added, click on Sign On, and scroll down to notification about setting up SAML 2.0. You will need to copy the link connected to Identity Metadata Provider.
Now you'll need to go to the Learnerbly platform! Log in, visit the settings page for your organisation (Admin → Settings), scroll down to Identity providers, and click Configure to enable Okta.
You will then see a small modal with a box labelled Metadata URL. Please paste the Identity Metadata Provider link you copied from your Okta account into this box and then click Enable provider.
You will see a notification that the integration has been successful, and the Okta card will now be highlighted as enabled. If you would like to disable the integration, you can do this by clicking Disable on the card.
If you would like to test that this has been set up correctly, open a new private window or a browser in which you are not logged into Learnerbly. When you log into the platform, enter your email address and click Continue.
You will then be taken to an Okta login page. If you have successfully logged in, you will then be redirected to our homepage.
Authenticating Directly Through Okta
The Learnerbly Okta app does not support IdP Mitigated Authentication. This means that if you would like your users to authenticate directly via Okta, you will need to create a bookmark app for Learnerbly.
You can find out how to create a bookmark app, by following this guide from Okta: https://help.okta.com/en/prod/Content/Topics/Access-Gateway/add-app-saml-pass-thru-add-bookmark.htm
Use the following details when setting up the bookmark app:
Application Label: Learnerbly
URL: Use the Auto Sign-In Link that is visible in settings once you have set up the Okta integration
Please make sure that this application is displayed to your users
Once you have created the Bookmark Application, you can upload the following image as the Icon for the Application.
Your users will now be able to log into Learnerbly directly from the Okta app.
If you or any users are having issues logging in via SSO through Okta, please ensure that the email for the user in Okta exactly matches the email assigned to the user's profile in Learnerbly. For organisations that use multiple emails, there can be occasional mismatches.
You can update a learner's email address if needed by going to Admin → People. Click on the name of the person you would like to edit, and then click on Edit Account Details on the left.
If you are having wider issues, please ensure that you have entered the correct metadata URL by disabling and re-enabling the integration and that the URL is still valid. If you continue to have issues, please contact your Customer Success Manager at Learnerbly.
Microsoft Azure
You can set up SSO with Microsoft Azure by using our direct SAML integration. It's very similar to the Okta process, but you will need to set up your own application proxy in Azure.
In your Azure portal, select Azure Active Directory → Enterprise applications. Then select New Application.
At the top of the page, click Create your own application. Input the name Learnerbly, and select the option Integrate any other application you don't find in the gallery (Non-gallery).
Once the application has been successfully added, select Properties, and then upload the following file as the logo of the application.
Please ensure that you assign the application to your relevant users at this point too!
Under the Manage section, select Single sign-on. Then select SAML as the method.
Edit the Basic SAML Configuration. Use the following variables:
Identifier (Entity ID): urn:amazon:cognito:sp:eu-west-1_Gyf4XAU0L
Reply URL (Assertion Consumer Service URL): https://auth.app.learnerbly.com/saml2/idpresponse
Edit the User Attributes & Claims. You will need to configure a custom SAML attribute with the name “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress” that maps to the users’ email.
Under SAML Signing Certificate, copy the App Federation Metadata URL.
Now you'll need to go to the Learnerbly platform! Log in, visit the settings page for your organisation (Admin → Settings), scroll down to Identity providers, and click Configure to enable SAML.
You will then see a small modal with a box labelled Metadata URL. Please paste the App Federation Metadata URL you copied from Azure into this box and then click Enable Provider.
You will see a notification that the integration has been successful, and the SAML card will now be highlighted as enabled. If you would like to disable the integration, you can do this by clicking Disable on the card.
If you would like to test that this has been set up correctly, open a new private window or a browser in which you are not logged into Learnerbly. When you log into the platform, enter your email address and click Continue.
You will then be taken to a Microsoft Account login page. If you have successfully logged in, you will then be redirected to our homepage.
How do I migrate my current SSO to another one?
If you have recently changed your SSO provider, just follow these easy steps and you should all be set up!
Note: You can only perform these steps if you have Admins rights.
Deactivate your current SSO by going to Admin > Settings > Disable
That will prompt you (and any other user) to log in and set up a password. No worries, as soon as you set up your new SSO this won't be prompted again.
Once you have logged in, set up the new SSO and voilà!
Click on the button below to take the tour and try it out yourself!