Tutorial: Microsoft Entra integration with Learning Pool LMS
In this tutorial, you'll learn how to integrate Learning Pool LMS with Microsoft Entra ID. When you integrate Learning Pool LMS with Microsoft Entra ID, you can:
- Control in Microsoft Entra ID who has access to Learning Pool LMS.
- Enable your users to be automatically signed-in to Learning Pool LMS with their Microsoft Entra accounts.
- Manage your accounts in one central location.
Prerequisites
To get started, you need the following items:
- A Microsoft Entra subscription. If you don't have a subscription, you can get a free account.
- An active subscription to Learning Pool LMS with Single Sign-on.
Note
When you start a single sign-on project, a member of the Learning Pool LMS Delivery team will guide you through this process. If you are not in contact with a member of the Learning Pool LMS Delivery team, speak to your Learning Pool LMS Account Manager.
Scenario description
In this tutorial, you configure and test Microsoft Entra SSO in a test environment.
- Learning Pool LMS supports SP initiated SSO.
Adding Learning Pool LMS from the gallery
To configure the integration of Learning Pool LMS into Microsoft Entra ID, you need to add Learning Pool LMS from the gallery to your list of managed SaaS apps.
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Identity > Applications > Enterprise applications > New application.
- In the Add from the gallery section, type Learning Pool LMS in the search box.
- Select Learning Pool LMS from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
Alternatively, you can also use the Enterprise App Configuration Wizard. In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, as well as walk through the SSO configuration as well. Learn more about Microsoft 365 wizards.
Configure and test Microsoft Entra SSO for Learning Pool LMS
Configure and test Microsoft Entra SSO with Learning Pool LMS with an existing Azure user. For SSO to work, you need to establish a link relationship between a Microsoft Entra user and the related user in Learning Pool LMS.
To configure and test Microsoft Entra SSO with Learning Pool LMS, perform the following steps:
- Configure Microsoft Entra SSO - to enable your users to use this feature.
- Assign a Microsoft Entra user - to enable that user to use Microsoft Entra single sign-on.
- Configure Learning Pool LMS SSO - to configure the single sign-on settings on application side.
- Test SSO - to verify whether the configuration works.
Configure Microsoft Entra SSO
Follow these steps to enable Microsoft Entra SSO.
Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
Browse to Identity > Applications > Enterprise applications > Learning Pool LMS > Single sign-on.
On the Select a single sign-on method page, select SAML.
On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.
On the Basic SAML Configuration section, if you have Service Provider metadata file, perform the following steps:
a. Click Upload metadata file.
b. Click on folder logo to select the metadata file and click Upload.
c. After the metadata file is successfully uploaded, the Identifier value gets auto populated in Basic SAML Configuration section.
In the Sign-on URL text box, type the URL:
https://parliament.preview.Learningpool.com/auth/shibboleth/index.php
Note
If the Identifier value does not get auto populated, then please fill in the value manually according to your requirement.
You must send over at least one attribute which is used to match your Azure Users with the users on Learning Pool LMS. Normally, the default attributes are enough, but in some cases you may need to send over some custom attributes. The following screenshot shows the list of default attributes. Click the Edit icon to open the User Attributes dialog and add more attributes if required.
In the User Claims section on the User Attributes dialog, edit the claims by using Edit icon or add the claims by using Add new claim to configure SAML token attribute as shown in the image above and perform the following steps:
a. Click Add new claim to open the Manage user claims dialog.
b. In the Name textbox, type the attribute name shown for that row.
c. Leave the Namespace blank.
d. Select Source as Attribute.
e. From the Source attribute list, type the attribute value shown for that row.
f. Click Ok
g. Click Save.
On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, click the Copy button by the App Federation Metadata Url and pass that URL back to the Learning Pool Delivery team.
Assign a Microsoft Entra user
In this section, you'll enable an existing Microsoft Entra user to use Azure single sign-on by granting access to Learning Pool LMS.
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Identity > Applications > Enterprise applications > Learning Pool LMS.
- In the app's overview page, find the Manage section and select Users and groups.
- Select Add user, then select Users and groups in the Add Assignment dialog.
- In the Users and groups dialog, select a suitable user from the Users list, then click the Select button at the bottom of the screen.
- If you are expecting a role to be assigned to the users, you can select it from the Select a role dropdown. If no role has been set up for this app, you see "Default Access" role selected.
- In the Add Assignment dialog, click the Assign button.
Configure Learning Pool LMS SSO
The Learning Pool Delivery team will use the App Federation Metadata Url to configure the LMS to accept SAML2 connections. You will be asked to perform some testing steps to verify that the connection is configured correctly and the Learning Pool Delivery team will guide you through this process.
Test SSO
You will be guided through the testing process by the Learning Pool Delivery team.
Next steps
Once you configure Learning Pool LMS you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. Learn how to enforce session control with Microsoft Defender for Cloud Apps.