• Overview
  • Configuration

Related-apps

Cornerstone

Simplify learning access by automating Cornerstone user provisioning.

Identity provisioningHCM

Overview

Integrating Cornerstone with Active Directory through ADManager Plus helps organizations automate user identity management across learning and talent management systems. By bridging AD with Cornerstone, HR and IT teams can ensure that employee access aligns with real-time directory updates—eliminating manual provisioning, minimizing access delays, and strengthening data consistency across systems. This integration supports smoother onboarding, accurate role-based training access, and secure deprovisioning.

 

Seamless onboarding

Automatically create Cornerstone accounts when new users are added to Active Directory, enabling immediate access to required training modules.

 

Dynamic role updates

Reflect department or job title changes from AD in Cornerstone to ensure learning paths and access stay relevant.

 

Secure offboarding

Revoke or delete Cornerstone access when users are removed or disabled in AD, preventing lingering access to sensitive content.

 

How to integrate Cornerstone with ADManager Plus

Prerequisites:

Cornerstone uses OAuth 2.0 to authorize API requests. Please ensure to provide the client_id and client_secret with permissions to retrieve desired information and perform tasks in Cornerstone. Refer to the Cornerstone API references page for more details.

Privileges:

  • To import users (inbound action): Ensure the account used for authorization has permission to read all user accounts.
  • To perform any action or query in Cornerstone (outbound action): Ensure the account used for authorization has permission to perform the desired action.
Note: ADManager Plus comes with a preconfigured set of APIs that help perform basic actions with the integration. If the action you require is not available, please gather the necessary API details from the Cornerstone API documentation to configure the inbound or outbound webhooks to perform the required actions.

Authorization configuration

  • Log in to ADManager Plus and navigate to Directory/Application Settings.
  • Go to Application Integrations, then search and select Cornerstone.
  • Toggle the Enable Cornerstone Integration button on.
  • In the Cornerstone Configuration page, click Authorization.
  • Perform steps to generate client_id and client_secret from Cornerstone, and paste them in the respective value fields.
  • Select Grant Type as Client Credentials
  • In the Auth URL field and the Auth Token URL field replace {corpname} value with that of your Cornerstone instance.
  • Click Configure.

Inbound webhook configuration

The inbound webhook enables you to get user data from Cornerstone to ADManager Plus and perform desired actions available in Automation feature on them. The attribute mapping configured in this section can be selected as the data sourcee during automation configuration to perform the desired action on the list of users received from the API response. To configure an inbound webhook for Cornerstone:

  • Under Inbound Webhook, click Cornerstone Endpoint Configuration.
  • In the Endpoint Configuration tab, an endpoint, Cornerstone Get Employees ENDPOINT, comes preconfigured with an Endpoint URL, API Method, Headers, and Parameters fields to fetch user accounts from Cornerstone. If you would like to use this preconfigured endpoint, replace {corpname} of your Cornerstone instance in the Endpoint URL field. However, if you would like to use a new endpoint to import users, you can configure one using the + Add API endpoint button and filling in the required fields per Cornerstone's API references. Click here to learn how. Note:
    • Authorization Header is preconfigured for authenticating API requests as formatted during Authorization Configuration.
    • You can add macros to your endpoint configuration to dynamically change it as per your requirement using the macro chooser component.
    • Refer to Cornerstone's API references and configure additional headers and parameters, if required.
  • Once done, click Test & Save. A response window will display all the requested parameters that can be fetched using the API call. Click Proceed. Note:
    • Refer to Cornerstone's API references to know the Parameters that must be configured to fetch specific parameters.
    • You can configure multiple endpoints for Cornerstone using the + Add API endpoint button. Click here to learn how.
  • Click Data Source - LDAP Attribute Mapping to match endpoints and to map AD LDAP attributes with the respective attributes in Cornerstone.
  • Click + Add New Configuration and perform the following:
    • Enter the Configuration Name and Description and select the Automation Category from the drop-down menu.
    • In the Select Endpoint field, select the desired endpoint and a Primary Key that is unique to a user (e.g. employeeIdentifier). Note: When multiple endpoints are configured, this attribute must hold the same value in all the endpoints.
    • In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop-down menu and map it with the respective column in Cornerstone.
    • If you would like to create a new custom format for this, click Mapping Attribute.
    • Click Save.
Note: The attribute mapping configured in this section can be selected as the data source during automation configuration to perform the desired action on the list of users received from the API response.

Outbound webhook configuration

An outbound webhook enables you to send changes made in AD using ADManager Plus to Cornerstone and carry out tasks in Cornerstone—all from ADManager Plus.To configure an outbound webhook for Cornerstone:

  • Under Outbound Webhook, click Cornerstone Webhook Configuration.
  • Click + Add Webhook.
  • Enter a name and description for this webhook.
  • Decide on the action that has to be performed and refer to Cornerstone's API references for the API details, such as the URL, headers, parameters, and other requirements.
  • Select the HTTP method that will enable you to perform the desired action on the endpoint from the drop-down menu.
  • Enter the endpoint URL.
  • Configure the Headers, Parameters, and Message Type in the appropriate format based on the API call that you would like to perform.
  • Click Test and Save.
  • A pop-up window will then display a list of AD users and groups on which to test the configured API call. Select the desired user or group on which this API request has to be tested and click OK. This will make a real-time call to the endpoint URL, and the selected objects will be modified according to the configuration.
  • The webhook response and request details will then be displayed. Verify them for the expected API behavior and click Save.
Note: The webhooks configured in this section can be included in Orchestration Templates, which can be used in event-driven and scheduled automations. They can also be applied directly to desired users to perform a sequence of actions on them (under Management > Advanced Management > Orchestration).