How to Configure SAML 2.0 for LearnUpon


Supported Features

The Okta/LearnUpon SAML integration currently supports the following features:

  • SP-initiated SSO
  • IdP-initiated SSO
  • JIT (Just In Time) Provisioning

Configuration Steps

  1. Login to your LearnUpon account as an administrator.

  2. Navigate to Settings > Integrations.

  3. Click Single Sign On - SAML:


  4. Select General Settings:


  5. Enter the following:

    • Switch the trigger to Enabled.

    • Version: Select 2.0.

    • Skip conditions: Select No.

    • SAML Token POST param name: Enter SAMLResponse.

    • Name Identifier Format: Enter urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

    • Identify Provider Location (IDP SSO Target URL): Copy and paste the following:

      Sign into the Okta Admin dashboard to generate this value.

    • Unauthorized URL: Enter /users/sign_in.

    • Sign out URL: Enter /users/sign_in.

    • Disable portal login page?: Select a required option. We did not enable this feature in our example.

      Note: This switch disables the login page that is available on the portal. Once enabled, when your users try to access the portal’s login page, they will instead be redirected to the URL, which has been entered into the IDP SSO Target URL field. You can still access the portal login page by entering users/sign_in?no_sso=true at the end of the standard portal URL.

      If you have enabled this feature, then please change Sign out URL to the following (instead of /users/sign_in):

      Sign into the Okta Admin Dashboard to generate this variable.

    • Click Save:


  6. Scroll down to the Certificate Finger Prints section.

  7. Click Manage Finger Prints:


  8. Finger Print Value: Copy and paste the following:

    Sign into the Okta Admin Dashboard to generate this variable.

  9. Click Save:

  10. OPTIONAL: If you want to enable Just In Time (JIT) provisioning:

    1. Go back to the Settings -> Integrations -> Single Sign On – SAML page.

    2. Select User & Group Settings:


    3. Enable Create Users if they do not exist in your portal.

    4. First Name Identifier Format: Enter FirstName.

    5. Last Name Identifier Format: Enter LastName.

    6. Click Save:


  11. Done!


  • Make sure that you entered the correct value in the Site URL field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to LearnUpon.

  • The following SAML attributes are supported:

      Name Value
      FirstName user.firstName
      LastName user.lastName

SP-initiated SSO

SP-initiated SSO is available if the Disable portal login page? feature is activated (step 5).

Open your Site URL value.