For troubleshooting - see this article
OpenID Connect (OIDC) is a modern authentication protocol that provides a secure and standardized way for users to authenticate across multiple websites and applications. OIDC is mainly used for user authentication in modern web and mobile applications.
OIDC is the SSO method recommended by Learnster, since it is designed to support modern applications. Learnster supports OIDC as an SSO mechanism for Learnster U, Learnster Studio and the Learnster U iOS and Android apps.
Please follow the instructions below to set up OIDC SSO with Learnster and Azure.
OIDC for Learnster U and Learnster Studio
Start by going to Azure Active Directory/App registrations and choose "New registration"...
...choose a name ("Learnster OIDC SSO" for instance) and click "Register" (please leave other options as is).
Under Overview in the left menu, copy the "Application (client) ID"...
...and go to Learnster Studio/Settings/Integrations/OpenID Connect Authorization Code Flow and paste the value into the "Application (client) ID" field on the "Web" tab.
Under "Overview", choose the "Endpoints" tab and copy the "OpenID Connect metadata document" value...
...and go to Learnster Studio/Settings/Integrations/OpenID Connect Authorization Code Flow and paste the value into the "OpenID Provider Configuration" field.
Copy the "Reply URL" from Learnster's OIDC settings...
...and paste it as the Web platform Redirect URI in Azure: choose "Authentication" in the left menu, then choose "Add a platform" under Platform configurations...
...then choose "Web"...
...and paste the URL and click "Configure" (please leave the other choices as is).
Add a client secret to Learnster by choosing "Certificates & secrets" in the left menu...
...choose "New client secret", add a description, choose the desired expiration time and click "Add"...
...copy the client secret value...
...and go to the OIDC settings in Learnster, paste in the client secret and click "Save Settings".
You can now scroll down to the status setting, turn OIDC SSO on, save the changes and OpenID Connect SSO settings for Learnster U and Studio should be ready. However...
Please note that you most probably need to configure which unique user identifier should be used between Learnster and Azure for the SSO to work properly. The easiest and most straightforward unique identifier to use is email. To use email as a unique identifier, simply choose "Email" as "Unique Identifier" and "Email as unique identifier" in Learnster's OIDC settings.
If you would rather use the Azure user Object ID, choose "Object ID" as "Unique Identifier"...
...and make sure that your users in Learnster have the Azure AD Object ID setting configured for their user accounts. This can be done via Learnster's open API or manually by going to the user's SSO settings.
OIDC for Learnster U iOS App
Please follow the instructions below to set up OIDC SSO for Learnster U for iOS and Azure. Make sure that you have followed the steps above before you start the iOS setup.
In the Learnster OIDC app in Azure, choose Authentication in the left menu, click "Add a platform" under Platform configurations and choose iOS/macOS.
In the next step, "Configure your iOS or macOS app", copy "iOS App Bundle Id" from Learnster's OIDC settings...
...and paste it into "Bundle ID" in Azure and click "Configure".
In the next step, copy the "Redirect URI" from "iOS / macOS configuration"...
...and paste it into the "Redirect URL" field in Learnster's OIDC settings. Please note that the URI must end with a forward slash (/), as in msauth.com.learnster.upp://auth/
Save your changes and the iOS setup is done.
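A pre-flight check for the values copied between Azure and Learnster in the steps above, written as an added example (not Learnster's or Microsoft's code). The tenant ID and the Reply URL are constructed placeholders, the function names are hypothetical, and the msauth.<bundle id> scheme rule is inferred from the redirect URI quoted above.

```python
from urllib.parse import urlparse

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def is_https(url):
    parts = urlparse(url or "")
    return parts.scheme == "https" and bool(parts.netloc)

def preflight(metadata_url, metadata, web_reply_url, ios_redirect_url):
    """Return a list of problems in the values exchanged during setup."""
    problems = []
    # The value pasted into "OpenID Provider Configuration" is a discovery URL.
    path = urlparse(metadata_url).path
    if not (is_https(metadata_url) and path.endswith("/.well-known/openid-configuration")):
        problems.append("metadata URL is not an HTTPS OIDC discovery URL")
    # The document itself must list the endpoints the code flow relies on.
    for key in REQUIRED:
        if not is_https(metadata.get(key)):
            problems.append(f"metadata field '{key}' is missing or not HTTPS")
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("provider does not advertise response type 'code'")
    # Web platform redirect: checked here for HTTPS.
    if not is_https(web_reply_url):
        problems.append("web Reply URL is not HTTPS")
    # iOS redirect: msauth.<bundle id> scheme, and it must end with "/".
    if not urlparse(ios_redirect_url).scheme.startswith("msauth."):
        problems.append("iOS Redirect URL does not use an msauth.<bundle id> scheme")
    if not ios_redirect_url.endswith("/"):
        problems.append("iOS Redirect URL does not end with '/'")
    return problems

# Constructed sample values: placeholder tenant ID and Reply URL (assumptions).
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"
SAMPLE_METADATA_URL = f"{BASE}/v2.0/.well-known/openid-configuration"
SAMPLE_METADATA = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
}
SAMPLE_REPLY_URL = "https://learnster.example/oidc/callback"  # placeholder
IOS_REDIRECT_URL = "msauth.com.learnster.upp://auth/"  # as quoted in the article

if __name__ == "__main__":
    for problem in preflight(SAMPLE_METADATA_URL, SAMPLE_METADATA,
                             SAMPLE_REPLY_URL, IOS_REDIRECT_URL) or ["no problems found"]:
        print(problem)
```

To check a real setup, replace the sample dictionary with the JSON downloaded from the "OpenID Connect metadata document" URL and pass in the redirect values shown in Learnster's OIDC settings.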
OIDC for Learnster U Android App
Please follow the instructions below to set up OIDC SSO for Learnster U for Android and Azure. Make sure that you have followed the steps above before you start the Android setup.
In the Learnster OIDC app in Azure, choose Authentication in the left menu, click "Add a platform" under Platform configurations and choose Android.
In the next step, "Configure your Android app", copy "Android App Package Name" from Learnster's OIDC settings...
...and paste it into "Package name" in Azure.
Then go to Learnster's OIDC settings and copy the "Android App Certificate Fingerprint" value...
...paste it into the "Signature hash" field in Azure and click "Configure".
In the next step, copy the Redirect URI in Azure...
...and paste it into the "Redirect URL" field on the Android tab in Learnster's OIDC settings.
Save your changes and the Android setup is done.