Why We Are Making This Change
Ally learning links which are sent directly to employees via email have an expiry associated with them. While this makes access simple, it has created some challenges in practice:
Employees with expired links have no clear recovery path
Employees already logged in are put through unnecessary re-authentication
This update addresses all of these gaps and introduces a second access method for organizations with stricter authentication requirements.
What Is Changing
For Administrators
Administrators will now be able to choose how employees access Ally learning assignments. The same settings for Trainings are now valid for ally as well.
Available options:
Magic Link (Default) Employees receive a personalized learning link via email. Clicking the link opens a start page — authentication only happens when the employee clicks the button to begin. This two-step approach prevents email security scanners from consuming the link before the employee opens it.
Authentication URL Employees authenticate through your organization's Identity Provider or the Right-Hand portal before accessing their learning. No link expiry, no scanner risk, and no risk of links being shared between employees.
Our Recommended Approach
For organizations with centralized identity management, we recommend the Authentication URL option.
Benefits include:
Consistent authentication experience across all enterprise applications
No link expiry issues
Prevents learning links from being forwarded between employees
Aligns with enterprise security and auditability requirements
Magic links remain available and fully supported for organizations that prefer email-based access.
User Experience Improvements
Clearer Messaging on the Start Page
Employees will see a page that:
Confirms the link is intended for them (name partially obfuscated for privacy)
Shows context-appropriate messaging based on whether they have active learning or not (Please see screenshots below)
Only asks them to click one button to proceed
Improved Expired Link Handling
Previously, expired links either failed silently or triggered a new link automatically. With this update:
Employees see a clear message explaining the link has expired or already been used
A Send me a new link button lets them request a fresh link explicitly
A short cooldown prevents accidental duplicate requests
Session Awareness
If an employee is already logged in and clicks a learning link:
If it is their own link — they are taken directly to their learning, no re-authentication required
If the link belongs to someone else (e.g. a forwarded link on a shared device) — they see a passive message and no further action is taken
Fresh Link Provision
Once the employees ask for a new link should their existing links be expired. They will receive an email as follows which will provide them the access again
Magic Links vs Authentication URL
Feature | Magic Link | Authentication URL |
Access Method | Email link | Identity Provider / Portal login |
Link Expiration | Yes (24 hours) | No |
Link Sharing Risk | Mitigated | Prevented |
Centralized Authentication | No | Yes |
Recommended for Enterprise | Optional | Yes |
How Administrators Can Test the New Workflow
Once the update is released, administrators can test by:
Navigating to Company Settings → Security
Selecting the desired authentication method under Ally access settings
Sending a test Ally assignment to a user
Verifying the access flow from the employee's perspective
We recommend testing with a small group before rolling out to the full organization.
When This Update Will Be Available
This update will be released in May First week 2026.
No immediate action is required. Existing Ally assignments will continue to work as expected. Once available, administrators can configure their preferred access method from Company Settings.
Questions? Reach out to your CSM or contact [email protected]