How to Set Up Single-Sign-On with Azure
Prerequisites include:
- Organization Administrator access to your organization’s LearnPlatform account
- Azure Administrator access through your organization
- Your organization's subdomain must be listed in LearnPlatform's setting configurations
Configuring LearnPlatform Account
- Sign in to your LearnPlatform administrator account, click on:
Settings > Single Sign On > Single Sign On Type > SAML 2.0
- Toggle on the "Use organization domain for callback urls" option at the bottom of your Single-Sign-On page.
Initial Azure Configuration
- In a separate window or tab, sign in to your Azure portal.
- Search for Enterprise Applications > Select Enterprise Applications > Click New Application > Click Create your own application
- From the pop-up box on the right titled “Create your own application”
- Fill in the name you want to appear in Azure’s MyApps (e.g. “LearnPlatform”)
- Ensure that the option “Integrate any other application you don't find in the gallery (Non-gallery)” is selected
- Click Create
- From the App Overview page, select Properties from the left menu.
- Download the following image to use as the icon for your custom SAML app. Upload this image as the App Icon.
- Select file to upload.
- Click Save
- Navigate back to the Overview screen, click Setup single sign on > Get Started, click SAML, click the Edit button for the Basic SAML Configuration section.
- While in the Basic SAML Configuration pop-up screen:
- Copy the metadata url from the Single Sign-On setup screen in the LearnPlatform tab (bottom of the SSO setup screen)
- Paste this URL into the Identifier (Entity ID) text box in Azure Portal’s Basic SAML Configuration.
- Copy the callback url from the Single Sign-On setup screen in the LearnPlatform tab (bottom of the SSO setup screen)
- Paste this URL into the Reply URL text box
- Click Save
Finish Configuring LearnPlatform Account
- Navigate back to Set up Single Sign-On with SAML in the Azure portal and click Edit on the Attributes & Claims section.
- From the Attribute and Claims page, select either Claim name for name/user principal (if your email address is the same as your Azure login id) or email (if your Azure login id is different from your email address). This email address must match the email address of the user in LearnPlatform.
- Paste this value into the Email Attribute text box on the LearnPlatform Single Sign-On setup screen
- Select the Claim name for Given Name from Azure’s Attribute and Claims page
- Paste this value into the First Name Attribute text box on the LearnPlatform Single Sign-On setup screen
- Select the Claim name for Surname from Azure’s Attribute and Claims page
- Paste this value into the Last Name Attribute text box on the LearnPlatform Single Sign-On setup screen
- Navigate back to Set up Single Sign-On with SAML in the Azure portal and scroll to the SAML Signing Certificate section and click the Download link for Certificate (Base64).
- Open this downloaded file in a text editor and copy all the text in the file.
- Paste this certificate text into the Certificate text box on the LearnPlatform Single Sign-On setup screen. The text should appear similar to the below:
- Navigate back to Set up Single Sign-On with SAML in the Azure portal and scroll to the Set up LearnPlatform section.
- Click the Copy to clipboard button for Login URL
- Paste the Login URL into the Identity Provider Redirect URL text box on the LearnPlatform Single Sign-On setup screen.
- Click the Copy to clipboard button for Logout URL
- Paste the Login URL into the Identity Provider Redirect URL text box on the LearnPlatform Single Sign-On setup screen.
- Click Apply
- The LearnPlatform Single Sign-On configuration should look similar to below:
Assign Azure Application to Users
- While still in the LearnPlatform Application details in the Azure portal
- Select Users and Groups
- Add User/Group
- Select the users and groups you want to have access to LearnPlatform from Azure’s MyApps portal.
- Click Assign
Test Single Sign-on
- Log into https://myapps.microsoft.com/ with a user assigned to the LearnPlatform application
- Ensure that a LearnPlatform tile is present.
- Clicking on the tile should log the user into LearnPlatform
You are all set!
Troubleshooting
If you have questions or need additional support, please take a look at Troubleshooting my Single Sign On (SSO) for SAML or email support@learnplatform.com.
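A common cause of a failed SSO test is a signing certificate that was only partly copied in the "Certificate (Base64)" step. The following check is an added example, not part of LearnPlatform's or Microsoft's documentation: it verifies that the pasted text is one complete certificate block and returns a SHA-1 thumbprint to compare with the thumbprint Azure displays for the SAML signing certificate (assumed here to be the SHA-1 of the DER encoding, the usual convention). The function names and the sample data are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_declared_size(der):
    """Total size (header + content) that the outer DER SEQUENCE declares."""
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pasted_certificate(text):
    """Return (True, SHA-1 thumbprint) or (False, reason) for pasted PEM text."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        return False, "expected exactly one BEGIN/END CERTIFICATE block"
    body = "".join(blocks[0].split())      # drop line breaks, including CRLF
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return False, "body is not valid Base64"
    if len(der) < 4 or der[0] != 0x30:
        return False, "decoded data is not a DER SEQUENCE"
    if der_declared_size(der) != len(der):
        return False, "DER length mismatch (text truncated or altered)"
    return True, hashlib.sha1(der).hexdigest().upper()

# Constructed placeholder bytes with a valid outer DER header; NOT a real certificate.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_pasted_certificate(SAMPLE_PEM))
    # Same text with the last line lost during copy and paste:
    print(check_pasted_certificate(SAMPLE_PEM.rsplit("-----END", 1)[0]))
```

To check a real download, pass the contents of the certificate file to `check_pasted_certificate` and compare the returned thumbprint with the one shown in the Azure portal.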