Azure Active Directory integration procedure
Since your portal has both a production and a staging environment, please follow the steps below first for the production environment, and then repeat them for the staging environment.
1. Register a new application on the Microsoft Identity Platform
Register a new application on the Microsoft Identity Platform by following the instructions on this page: Register an application on the Microsoft Identity Platform, with the following specifications:
The application name should be "illuxiLMS Production" (for the staging environment, use the name "illuxiLMS Staging").
In the Add a redirect URI section, select Web as the application type.

The redirect URI value should be:
`https://auth0.illuxi.com/login/callback`
(For the staging environment, use `https://auth0-staging.illuxi.com/login/callback`).
Once completed, please note the Client ID and Tenant ID, as we will need them.

In the Add credentials section, generate a Client Secret and copy its value, as we will need it.
2. Register a web API
Next, follow the instructions on this page: Register and expose a web API, with the following specifications:
After assigning an application owner, you will have defined:
One or more owners:

An application role:

A scope:

Note that you do not need to define an admin consent-required scope, as illuxiLMS does not write to your Azure AD.
3. Configure illuxiLMS to access the web API
Follow the instructions on this page: Configure an application to access a web API, with the following specifications:
In the Add permissions to access your web API section, you will allow illuxiLMS to access some basic user profile information by adding a permission linked to the illuxiLMS scope you created earlier:


In the Add permissions to access Microsoft Graph section, you will allow illuxiLMS to access specific profile information, particularly the groups users belong to:


Select the following permissions:
OpenID permissions > email
OpenID permissions > offline_access
OpenID permissions > openid
OpenID permissions > profile
Users > User.Read
Directory > Directory.Read.All
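A check for steps 1 and 3, as an added example that is not part of illuxi's own procedure: it takes the JSON that `az ad app show` prints for the registered application and reports any redirect URI or Microsoft Graph permission that differs from the values listed above. The function and constant names are hypothetical, and the permission IDs are assumed to be the delegated variants of the listed permissions.

```python
import json
import sys

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
# Delegated ("Scope") permission IDs for the step 3 list. Assumption: the
# delegated variants are intended; confirm the IDs against your tenant.
EXPECTED = {
    "64a6cdd6-aab1-4aaa-94b8-3cc8405e90d0": "email",
    "7427e0e9-2fba-42fe-b0c0-848c9e6a8182": "offline_access",
    "37f7f235-527c-4136-accd-4a02d197296e": "openid",
    "14dad69e-099b-42c9-810b-d002981feec1": "profile",
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
    "06da0dbc-49e2-44d2-8312-53f166ab848a": "Directory.Read.All",
}
REDIRECT_URIS = {  # from step 1
    "production": "https://auth0.illuxi.com/login/callback",
    "staging": "https://auth0-staging.illuxi.com/login/callback",
}

def audit_registration(app, environment):
    """Return findings; an empty list means the registration matches the page."""
    findings = []
    expected_uri = REDIRECT_URIS[environment]
    uris = (app.get("web") or {}).get("redirectUris") or []
    if expected_uri not in uris:
        findings.append(f"missing redirect URI: {expected_uri}")
    findings += [f"unexpected redirect URI: {u}" for u in uris if u != expected_uri]
    granted = set()
    for resource in app.get("requiredResourceAccess") or []:
        if resource.get("resourceAppId") != GRAPH_APP_ID:
            continue  # for example the web API scope created in step 2
        for access in resource.get("resourceAccess") or []:
            if access.get("type") == "Scope" and access.get("id") in EXPECTED:
                granted.add(access["id"])
            else:
                findings.append(f"unexpected Graph permission: {access.get('id')} ({access.get('type')})")
    findings += [f"missing Graph permission: {n}" for i, n in EXPECTED.items() if i not in granted]
    return findings

# Constructed sample, not real tenant data: staging URI on the production app, one permission missing.
SAMPLE = {
    "web": {"redirectUris": ["https://auth0-staging.illuxi.com/login/callback"]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": i, "type": "Scope"} for i in list(EXPECTED)[:5]]}],
}

if __name__ == "__main__":
    app = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print("\n".join(audit_registration(app, "production")) or "OK")
```

Run it with a file holding the output of `az ad app show --id <client-id>` as its argument; with no argument it audits the constructed sample.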
4. Create a test account
Once you have completed the previous steps, please create a test user account that will allow us to verify the integration on our end.
Ensure that this user is correctly assigned to a manager and is a member of at least the following two groups:
illuxilms
illuxilms-admin
5. Next steps
Once you have completed the steps above, please send the following information to client@illuxi.com:
Your Azure domain name.
The Tenant ID, Client ID, and Client Secret for the Staging app you created.
The Tenant ID, Client ID, and Client Secret for the Production app you created.
The email and password of a test user who has access to your Azure Active Directory AND belongs to the illuxilms and illuxilms_admin groups.
6. Questions and support
For any questions or support requests, please contact us at client@illuxi.com.
Updated on: 02/18/2025