Lessonly integrates with a few different SSO options to provide easy access to Lessonly when users signs in via the specified provider.
The following user management options we support and the specific requirements for each are as follow:
Google Suite - creates users the first time they try to log in to Lessonly using the Google SSO button on the login screen. This will only create the user's name and email within Lessonly. This DOES NOT update, bulk create, or archive users.
- To set up Google SSO with Lessonly will need is your email domain.
Custom SAML 2.0 SSO - creates users the first time they try to log in to Lessonly using the SAML 2.0 SSO button on the login screen. This will only create the user's name and email within Lessonly. This DOES NOT update, bulk create, or archive users.
What your identity provider needs:
- Support SAML 2.0
- Support passing back an email address for the users’ Name ID
- Support passing back the following source attributes(please map to our default names):
- First Name (urn:oid:220.127.116.11)
- Last Name (urn:oid:18.104.22.168)
- Nickname – optional
- Email address (urn:oid:0.9.2342.19200300.100.1.3)
- User ID – anything unique to identify your users (urn:oid:22.214.171.124.4.1.59126.96.36.199.10)
- entity ID – https://your_subdomain.lessonly.com/auth/saml/metadata
How to get it set up:
Lessonly will need a few different requirements for this integration. To set this up please follow the steps listed below:
- We will need your identity provider’s target URL where we will send authentication requests
- We will also need either your identity provider’s certificate (in PEM format) or certificate fingerprint
- Once we have those, our technical staff can configure Lessonly as a service provider for you
- Once that is done, you will be able to find your Lessonly service provider metadata at https://your_subdomain.lessonly.com/auth/saml/metadata
- This metadata file will contain information including the requested nameIDFormat, the service provider callback URL, the issuer name, and the SAML version.
Azure Active Directory - creates users the first time they try to log in to Lessonly using the AD Azure SSO button on the login screen. This will only create the user's name and email within Lessonly. This DOES NOT update, bulk create, or archive users.
- To integrate Azure AD with Lessonly, you will first want to make sure you have an Azure AD subscription and then follow the steps listed here - https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/lessonly-tutorial
- Be sure to send along the downloaded Certificate(Base64) and Sign-Out URL, SAML Entity ID, and SAML Single Sign-On Service URL to email@example.com to complete the process.
To enable these features please email firstname.lastname@example.org or reach out to your CX manager to learn more.
Note - If a user is using both SSO and the manual sign-on process if an action is triggered to expire a users password this will expire the user's password immediately. This happens when someone other than the user sets the password (admin in app, on the backend, via the API, or user sync). Passwords will not expire on their own, but if an action is taken that triggers a password to expire, the next time the user tries to login via SSO it will prompt them to create a new custom password. The user will need to set a new password, sign-in manually, and then upon their next sign-in they will be able to sign-in via SSO.