Skip to main content

Single Sign-On FAQ

This article covers how LumiQ supports enterprise SSO via WorkOS, including setup with Microsoft Azure AD, Okta, and Google Workspace.

E
Written by Edward Chow
Updated over 3 weeks ago

What is Single Sign-On (SSO), and how does LumiQ support it?

SSO allows your team to securely access LumiQ using your existing identity provider (IdP), like Microsoft Azure AD, Okta, or Google Workspace. See full list of supported integrations here.

Will enabling SSO affect employee's course history or compliance tracking?

No. All user data, including course history, certificates, and bookmarks remains intact when switching to SSO, as long as their email address is consistent with their existing LumiQ account.

Which SSO providers does LumiQ support?

LumiQ supports identity providers, including:

  • Microsoft Azure

  • Okta

  • Google Workspace

  • See full list of supported integrations here.

How does the setup process work?

Once your team is ready:

  • LumiQ will initiate an SSO connection via WorkOS

  • You’ll receive a setup link to configure the connection in your IdP

  • Once configured, LumiQ will test and confirm the connection with your team

  • Your users can then sign in using your organization’s login credentials

Can we restrict access to only users from our domain or IdP?

Yes. LumiQ can enforce SSO-only access for your company domain, ensuring all users must authenticate through your identity provider.

Does LumiQ support MFA (Multi-Factor Authentication)?

LumiQ relies on your identity provider (IdP) to enforce MFA. If you’ve configured MFA policies in Azure, Okta, or Google Workspace, they will automatically apply when users sign in to LumiQ via SSO.

What happens to existing LumiQ users once SSO is enabled?

If an existing user’s email matches the domain and identity provider setup, they will automatically transition to SSO login. We ensure no loss of progress, certifications, or data.

Can we use both SSO and password-based login?

Organizations can choose either, enforce SSO (recommended for security) or authenticate with an email and password.

We recommend working with your CSM to define your organization’s policy.

Managing Users Through a Third-Party LMS

If your organization uses a third-party Learning Management System (LMS) to manage user access to LumiQ, that LMS will serve as the source of truth for provisioning and deprovisioning users. When SSO is enabled, access to LumiQ is automatically granted or revoked based on the permissions set in your LMS.

  • Add a user in your LMS → Employee can authenticate with SSO to access LumiQ

  • Remove a user in your LMS → Employee can no longer authenticate with SSO to access LumiQ

This setup ensures seamless control and alignment between your LMS and LumiQ, with no manual user management required in LumiQ.

We will only activate Azure Active Directory Sync if your organization does not have a third-party LMS managing access, or if your LMS does not support automated provisioning and deprovisioning.

What happens when an employee leaves the company?

If a user is deactivated in your identity provider (e.g., Azure), they will immediately lose access to LumiQ via their company credentials. However, if they previously set up a recovery email, they can regain access to their account, including all certificates and learning history. See Account Recovery article here.

What kind of support does LumiQ provide for setup?

Our team will guide you through the full setup process. We provide:

  • Setup instructions for your IdP

  • 1:1 support via email or live call

  • Post-integration testing and user onboarding advice

Who can I contact to begin the setup or get support?

Please reach out to your LumiQ Customer Success Manager, or email us at help@lumiqlearn.com to learn more.

Did this answer your question?