Configuring Single-Sign-On with Azure
Note: Once enabled, our system does not notify your staff that they have access to LearnPlatform.
Prerequisites include:
- Organization Administrator access to your organization’s LearnPlatform account
- Azure Administrator access through your organization
- Your organization’s subdomain must be listed in LearnPlatform's setting configurations
Configuring LearnPlatform Account
- Sign in to your LearnPlatform administrator account, click on:
Settings > Single Sign On > Single Sign On Type > SAML 2.0
- Toggle the “Use organization domain for callback urls” option to “ON” at the bottom of your Single-Sign-On page.
Initial Azure Configuration
In a separate window or tab, sign in to your Azure portal.
Search for Enterprise Applications > Select Enterprise Applications > Click New Application > Click Create your own application
From the pop-up box on the right titled “Create your own application”
- Fill in the name you want to appear in Azure’s MyApps (e.g. “LearnPlatform”)
- Ensure that the option “Integrate any other application you don't find in the gallery (Non-gallery)” is selected
- Click Create
From the App Overview page, select Properties from the left menu.
- Download the following image to use as the icon for your custom SAML app. Upload this image as the App Icon.
- Select file to upload.
- Click Save
Navigate back to the Overview screen, click Setup Single Sign On > Get Started, click SAML, click the Edit button for the Basic SAML Configuration section.
While in the Basic SAML Configuration pop-up screen:
- Copy the metadata URL from the Single Sign-On setup screen in the LearnPlatform tab (bottom of the SSO setup screen)
- Paste this URL into the “Identifier (Entity ID)” text box in Azure Portal’s Basic SAML Configuration.
- On LearnPlatform’s SAML setup page (bottom of the page), copy the first callback URL ending in “/callback/”
- Paste this URL into the Azure Portal’s “Reply URL” text box
- Click Save
Finish Configuring LearnPlatform Account
- Navigate back to Set up Single Sign-On with SAML in the Azure portal and click Edit on the Attributes & Claims section.
- From the Attributes & Claims page, select the Claim name for either “name/user principal name” (if your email address is the same as your Azure login id) or “email” (if your Azure login id is different from your email address). The email address sent in this claim must match the email address of the user in LearnPlatform.
- Paste this value into the “Email Attribute” text box on the LearnPlatform Single Sign-On setup screen
- Select the Claim name for “Given Name” from Azure’s Attribute and Claims page
- Paste this value into “First Name Attribute” text box on the LearnPlatform Single Sign-On setup screen
- Select the Claim name for “Surname” from Azure’s Attribute and Claims page
- Paste this value into “Last Name Attribute” text box on the LearnPlatform Single Sign-On setup screen
- Navigate back to Set up Single Sign-On with SAML in the Azure portal and scroll to the SAML Signing Certificate section and click the “Download” link for Certificate (Base64).
- Open this downloaded file in a text editor and copy all the text in the file.
- Paste this certificate text into the “Certificate” text box on the LearnPlatform Single Sign-On setup screen. The text should appear similar to the text below:
- Navigate back to Set up Single Sign-On with SAML in the Azure portal and scroll to the Set up LearnPlatform section.
- Click the “Copy to clipboard” button for Login URL
- Paste the Login URL into the “Identity Provider Redirect URL” text box on the LearnPlatform Single Sign-On setup screen.
- Click the “Copy to clipboard” button for Logout URL
- Paste the Login URL into the “Identity Provider Redirect URL” text box on the LearnPlatform Single Sign-On setup screen.
- Click “Apply”
- The LearnPlatform Single Sign-On configuration should look similar to below:
Assign Azure Application to Users
- While still in the LearnPlatform Application details in the Azure portal
- Select “Users and Groups”
- Add User/Group
- Select the users and groups you want to have access to LearnPlatform from Azure’s MyApps portal.
- Click “Assign”
Test Single Sign-on
- Log into https://myapps.microsoft.com/ with a user assigned to the LearnPlatform application
- Ensure that a LearnPlatform tile is present.
- Clicking on the tile should log the user into LearnPlatform
You are all set!
Troubleshooting
If you have questions or need additional support, please email support-lp@instructure.com.
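The following Python check is an added example, not part of LearnPlatform's or Microsoft's own material. It reads a constructed SAML assertion and reports whether the claim names entered in the Email, First Name and Last Name Attribute text boxes are present, and whether the email claim matches the user's LearnPlatform email. The claim names are assumed to be Azure's default claim URIs, and the sample user and addresses are made up.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Values entered in the LearnPlatform attribute text boxes. Assumed here to be
# Azure's default claim names; use the names on your Attributes & Claims page.
ATTRIBUTE_MAP = {
    "email": CLAIMS + "emailaddress",
    "first_name": CLAIMS + "givenname",
    "last_name": CLAIMS + "surname",
}

# Constructed sample (login id differs from email), not from a real tenant.
# This sketch only reads attributes; it does not verify the SAML signature.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="{CLAIMS}name"><saml:AttributeValue>jdoe@login.example.org</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>jane.doe@example.org</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def read_claims(assertion_xml):
    """Return {claim name: first value} for every Attribute in the assertion."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        claims[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return claims


def check_mapping(assertion_xml, attribute_map, learnplatform_email):
    """List the problems that would stop this assertion matching the user."""
    claims = read_claims(assertion_xml)
    problems = []
    for field, claim_name in attribute_map.items():
        if not claims.get(claim_name):
            problems.append(f"{field}: claim {claim_name!r} missing or empty")
    sent = claims.get(attribute_map["email"], "")
    # Case-insensitive comparison is an assumption of this sketch.
    if sent and sent.lower() != learnplatform_email.lower():
        problems.append(f"email: assertion sends {sent!r}, account has {learnplatform_email!r}")
    return problems
```

With the sample above, mapping the Email Attribute to the “name” claim instead of “emailaddress” produces a mismatch report, which is the case the Attributes & Claims step distinguishes.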