To simplify user login and enhance security, illuxiLMS supports Single Sign-On integration with Azure Active Directory (AD) – Microsoft’s cloud identity service. With SSO enabled, your users can log in to illuxiLMS using their Azure AD credentials, without needing a separate password for the LMS. Key points and setup steps:
Benefits: Users have one less password to remember, and access can be controlled through your organization’s central directory. When SSO is set up with Azure AD, users will be redirected to the Microsoft login page and, after successful authentication, returned to illuxiLMS already logged in. This provides a seamless login experience and improves security (leveraging Azure MFA, conditional access policies, etc., if configured).
Setup Overview:
Register illuxiLMS in Azure: An Azure AD administrator needs to register a new enterprise application in Azure AD for illuxiLMS. This involves creating an app entry and configuring SAML or OIDC settings. Microsoft’s documentation provides a guide on how to register an app in the Azure AD platform.
Configuration in illuxiLMS: In the illuxiLMS Admin Portal, go to Integration > Single Sign-On (SSO) settings. Enter the information from Azure AD:
Identity Provider Issuer/Entity ID
Login URL (SAML Endpoint)
X.509 Certificate (provided by Azure for SAML).
Alternatively, if using OAuth/OIDC, provide the client ID, tenant info, etc.
Test the Connection: After saving the SSO configuration, test logging in as a user from Azure AD. On the illuxiLMS login page, you might have a Sign in with Microsoft button (or the regular login may redirect if configured as mandatory SSO). If the test user successfully logs in via Azure and lands in the LMS, the setup is working.
SSO for Staging vs Production: If your illuxiLMS has separate staging (test) and production environments, set up SSO for each environment (often by registering two apps in Azure, one for each environment, as their URLs differ).
How It Works for Users: When SSO is enabled, a user who goes to the illuxiLMS portal will be redirected to Azure AD for authentication. After they enter their company email and password (and pass any multi-factor prompts), Azure sends a token/assertion back to illuxiLMS that logs them in automatically. If their user account doesn’t exist in illuxiLMS yet, you can enable Just-In-Time provisioning or have pre-provisioned accounts via SCIM (see below).
Troubleshooting: Ensure the user’s email in illuxiLMS exactly matches their Azure AD email/UPN. Common issues include certificate misconfiguration, incorrect entity IDs, or clock skew (make sure server times are in sync). illuxiLMS documentation and support can assist with specifics if something isn’t working.
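The following is an added example, not illuxiLMS or Microsoft code: a diagnostic that checks a captured SAML assertion for three of the causes listed above (entity ID mismatch, email mismatch, clock skew). The function name, the sample assertion, the placeholder tenant ID and the addresses are constructed for illustration, and the two-minute skew tolerance is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (placeholder tenant ID and user, signature omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Subject><saml:NameID>Jane.Doe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T13:00:00Z"/>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def diagnose(xml_text, configured_issuer, lms_email, now, skew=timedelta(minutes=2)):
    """Hypothetical helper: list likely causes of a failed SSO login (empty = none found).
    Troubleshooting aid only; it does not validate the XML signature."""
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or a Response that wraps one.
    a = root if root.tag == "{%s}Assertion" % NS["saml"] else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no readable Assertion (it may be encrypted)"]
    problems = []
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != configured_issuer:
        problems.append(f"issuer mismatch: got {issuer!r}, configured {configured_issuer!r}")
    name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if name_id != lms_email:
        hint = " (differs only by case)" if name_id.lower() == lms_email.lower() else ""
        problems.append(f"NameID {name_id!r} != LMS email {lms_email!r}{hint}")
    cond = a.find("saml:Conditions", NS)
    nb = cond.get("NotBefore") if cond is not None else None
    na = cond.get("NotOnOrAfter") if cond is not None else None
    if nb and now + skew < _ts(nb):
        problems.append(f"clock skew: server time {now.isoformat()} is before NotBefore {nb}")
    if na and now - skew >= _ts(na):
        problems.append(f"expired or clock skew: server time is at/after NotOnOrAfter {na}")
    return problems

if __name__ == "__main__":
    issuer = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
    slow_clock = datetime(2024, 5, 1, 11, 50, tzinfo=timezone.utc)  # server 10 min behind
    for p in diagnose(SAMPLE, issuer, "jane.doe@example.com", slow_clock):
        print("-", p)
```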
Setting up SSO with Azure AD greatly streamlines access, especially in enterprise environments where users are already managed in Microsoft 365/Azure AD.