Microsoft Entra ID is an integrated cloud identity and access solution.

System Requirements

  • A Microsoft Entra ID user with a Global administrator, Application administrator, or Cloud application administrator role
  • An iSpring Learn user
  • An LMS user with an Account Owner or Account Administrator role

How to Set up SSO in MS Entra ID

  1. Sign in to your MS Entra ID account: https://entra.microsoft.com/.

  2. Click Applications > Enterprise Applications > All Applications > New Application.



  3. Type “SAML Toolkit” in the search box and click on Microsoft Entra SAML Toolkit.



  4. Then, enter the name of the application, such as SSO iSpring Learn, and click on Create.



  5. Then, go to the Users and groups section. There, you can add all the users who will be able to log in to their iSpring Learn accounts using SSO by clicking on Add user/group.



  6. Click on None Selected under User and select the users on the list. Once all the users are selected, click on the Select button and then on Assign.



  7. Go to Single sign-on and select SAML



  8. In the first step of Basic SAML Configuration, click on Edit.



  9. Fill out Identifier (Entity ID), Reply URL (Assertion Consumer Service URL), and Relay State, as shown in the table below.

    IdentifierExample
    Identifierhttps://youraccount.ispringlearn.com/module.php/saml/sp/metadata.php/default-sp
    Reply URLhttps://youraccount.ispringlearn.com/module.php/saml/sp/saml2-acs.php/default-sp
    Sign On URLhttps://youraccount.ispringlearn.com/sso/login
    Relay Statehttps://youraccount.ispringlearn.com/sso/login
    Logout URL

    Leave this field empty

    +

  10. Then, click on Save.



  11. Now go to Attributes & Claims, and click on Edit.



  12. In the Required claim section, leave Unique User Identifier (Name ID) as the default.



  13. In the Additional claims section, edit each value. To do this, click on the name of the value in the Value column.


    • user.mail

      1. In the Name field, type email.

      2. In the Namespace field, delete the data and leave it empty.

      3. For Source, select Attribute.

      4. In the Source attribute field, leave the user.mail value which is the default.

      5. Click Save.



    • user.givenname

      1. In the Name field, type givenname.
      2. In the Namespace field, delete the data and leave it empty.
      3. For Source, select Attribute.
      4. In the Source attribute field, leave the user.givenname value which is the default.
      5. Click Save.



    • user.userprincipalname

      1. In the Name field, type sub.

      2. In the Namespace field, delete the data and leave it empty.

      3. For Source, select Attribute.

      4. In the Source attribute field, leave the userprincipalname value which is the default.

      5. Click Save.



    • user.surname

      1. In the Name field, type surname.

      2. In the Namespace field, delete the data and leave it empty.

      3. For Source, select Attribute.

      4. In the Source attribute field, leave the user.surname value which is the default.

      5. Click Save.



  14. After configuring the Attributes & Claims section, proceed to SAML Signing Certificate. Click on Edit.



  15. Verify that the certificate is valid. Check that the value in the Status column is Active, and that the encryption algorithm in the Signing Algorithm field is SHA-256.



  16. Then, go to Set up iSpring Learn SSO. The values of the Login URL and Microsoft Entra ID fields will be required later when setting up SSO on the iSpring Learn LMS side.



    Done! You’ve set up SSO on the Microsoft Entra ID side.

How to Set up SSO in iSpring Learn

  1. Log in to your iSpring Learn account. Then go to the SSO Settings and click SAML.



  2. In the SSO integration settings page, fill in the fields with the information from Microsoft Entra ID.



    Issuer URL (IdP Entity ID)Microsoft Entra ID Identifier
    Sign On URL

    Login URL

    Logout URLLogout URL: https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
    Certificate Fingerprint

    Thumbprint  

    Redirect users to the SSO login pageIf this option is enabled, the iSpring login page will have the following URL: https://yourcompany.ispringlearn.com/sso/login.

    +

  3. Proceed to map the fields of iSpring Learn with the external SSO attributes. Map the fields in iSpring Learn with those in the SSO service.

    iSpring Learn Attributes

    		Microsoft Entra ID Attributes
    Emailemail
    Last Name

    surname

    First Namegivenname
    Loginsub

    1

  4. Next, сlick Enable.



  5. Then, add link to the corporate site in the Quick Links section.


Verify Single Sign-On

  1. Go to your iSpring Learn account https://youraccount.ispringlearn.com/.

  2. Click Log in with your corporate account.



    The user’s personal account will open.

    If an error occurs during configuration, please send a screenshot of the error to support@ispring.com.

Authorization without SAML

If you have enabled OpenID in your iSpring Learn account but are unable to log in using single sign-on for some reason, type the following web address: https://yourcompany.ispringlearn.com/login?no_sso

Now you will sign in to the account as usual, using your login and password.