Configuring Azure Active Directory (AAD) for EdSmart SAML Single Sign-On (SSO)
The following instructions walk through the configuration steps required to set up SAML 2.0 based SSO between EdSmart (the service provider) and Azure AD (the identity provider).
1. In Azure AD, from the left panel, choose “Enterprise Applications”, then click “New application”.
2. In the “Browse Azure AD Gallery (Preview)” page, choose “Create your own application”. In the “Create your own application” dialog box, give a name to the app and choose “Integrate any other application you don't find in the gallery”, then click “Create”.
3. Open the application created in step 2. In the left panel, click “Single sign-on” and select “SAML”.
4. Obtain EdSmart’s SAML Service Provider configuration from the following link:
5. Click “Upload metadata file” at the top of the page, then select the EdSmart metadata file from your local machine and click “Add”.
Once the metadata file has been parsed successfully, the SAML configuration fields (identifier, reply URL and so on) are filled in from it. Check the values against the EdSmart metadata and click “Save”.
6. Next, we need to add claims required by EdSmart. Click “Edit”.
Add the required claims on the “User Attributes & Claims” page. Five claims are mandatory and the attribute names must match exactly (they are case-sensitive):
UserID : the user’s SMS ID if they have one, otherwise their email address
mail : the user’s email address
givenName : the user’s first name
sn : the user’s last name
role : the value of this claim depends on your requirements. EdSmart authenticates a user only if this claim carries a value and blocks the user if the claim is absent or empty. The criteria for a valid user are up to you: map “role” to a source attribute or custom claim transformation that is populated only for users who meet those criteria. Azure AD does not emit a claim whose source attribute is empty, so a user who fails the criteria is blocked. In this example “user.department” is used as the source of the role claim, which means users with no department set cannot sign in.
Once all the claims are set up, the “User Attributes & Claims” page lists the five claims above with the names shown.
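A quick way to confirm the claims are being sent correctly, before involving EdSmart support, is to capture a SAML Response from a test login in the browser (for example with a SAML-tracer extension), decode it, and check the assertion's AttributeStatement against the list above. The script below is an added example, not part of the original guide or of EdSmart's own tooling. The two SAML responses in it are constructed for illustration; it does not verify the assertion's signature, it only checks claim names and values, and it flags the two common mistakes: a claim left under Azure AD's namespaced default name instead of the bare name, and a missing “role” for a user whose source attribute is empty.

```python
"""Check a decoded SAML Response for the attributes EdSmart requires.

Added example; the sample responses are constructed, not captured from Azure AD.
Signature validation is out of scope: this is a claim-content check only.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Attribute names EdSmart expects, exactly as they must appear in the assertion.
REQUIRED_ATTRIBUTES = ("UserID", "mail", "givenName", "sn", "role")

AAD_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"


def _attr(name, value):
    return (f'<saml:Attribute Name="{name}">'
            f'<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>')


def _response(attributes):
    """Wrap constructed attributes in a minimal (unsigned) SAML Response."""
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:AttributeStatement>'
        + "".join(attributes) +
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
    )


# Constructed sample 1: all five claims present with the correct names.
SAMPLE_OK = _response([
    _attr("UserID", "STU12345"),
    _attr("mail", "j.bloggs@example.edu"),
    _attr("givenName", "Jo"),
    _attr("sn", "Bloggs"),
    _attr("role", "Teaching"),
])

# Constructed sample 2: givenName left under the Azure AD default namespaced
# name, and no role claim because the user's department attribute is empty.
SAMPLE_BLOCKED = _response([
    _attr("UserID", "j.bloggs@example.edu"),
    _attr("mail", "j.bloggs@example.edu"),
    _attr(AAD_NS + "givenname", "Jo"),
    _attr("sn", "Bloggs"),
])


def extract_attributes(saml_response_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(saml_response_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check_required_claims(saml_response_xml):
    """Return a list of problems; an empty list means EdSmart would accept the user."""
    attrs = extract_attributes(saml_response_xml)
    problems = []
    for name in REQUIRED_ATTRIBUTES:
        values = attrs.get(name)
        if values is None:
            problems.append(f"missing attribute: {name}")
            # Same claim sent under a namespaced or differently cased name?
            for actual in attrs:
                if actual.rsplit("/", 1)[-1].lower() == name.lower():
                    problems.append(f"found {actual!r}; rename the claim to {name!r}")
        elif not any(values):
            problems.append(f"empty attribute: {name}")
    return problems


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("blocked", SAMPLE_BLOCKED)):
        print(label, check_required_claims(sample) or "all required claims present")
```

Run it against a captured response by replacing the constructed sample with the decoded XML; a non-empty result for a real user points at the claim that needs fixing in the “User Attributes & Claims” page.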
7. Share your Azure AD SAML metadata with EdSmart. It is available in the third section of the SAML sign-on page. Send us the “App Federation Metadata Url” (preferred, as it stays current when the signing certificate is rolled over), or download the full federation metadata XML and send that as a file.
8. Finally, provide EdSmart with a test username and password that we can use to verify and troubleshoot the SSO integration. Use a dedicated test account that is assigned to the enterprise application and has no access beyond what the test needs, share the credentials through a separate channel from the metadata, and disable the account once the integration is confirmed.