Single Sign On
      Back to home
      1. Help Center
      2. Technical / API documentation
      3. Single Sign On

      Configuring SSO with Azure Active Directory

      This article guides Admin users step-by-step on how to configure SSO using Azure Active Directory (AD)

      Single Sign On (SSO) is a great way to further simplify the EdApp login process for your learners. SSO is a process where learners can sign in to EdApp using the credentials that are used to access their own organization's portal so that there’s no need for the learner to keep track of separate credentials for their EdApp accounts. 

      Configuring SSO for your EdApp training program using Azure AD is straightforward, and can be done in as little as 15 minutes.

      If you’d like domain recognition enabled for SSO, please reach out to us via live chat or your EdApp program manager - we would be happy to help.

      Contents

      Configure SSO in Azure

      Configure SSO in EdApp

      SCIM

      Configure SSO in Azure AD

      First, let’s start with setting up SSO in Azure AD (we’ll move on to setting this up in EdApp once this part is completed).

       

      Step 1:  Sign in to the Azure portal using your Azure Active Directory administrator account. Browse to the Active Directory > Enterprise Applications > New application > Non-gallery application section.

       

      Step 2: Fill in "EdApp" as the application name, select Add.

      Azure portal will redirect to the app overview page. Select Single sign-On > SAML

       

      Step 3: Update Basic SAML Configuration

      • Fill in Identifier (Entity ID) with https://admin.edapp.com
      • Fill in Reply URL with https://api.edapp.com/sso-saml-callback/<unique-company-identifier>
      • Fill in Logout URL with https://api.edapp.com/sso-logout/<unique-company-identifer>
      • The following example has <unique-company-identifier> as uniqueEdCustomerCompanyId you can make this up but ensure that it is identifiable and easy for your learners to type in e.g. companyname

       

      Step 4: Download Certificate (Base64) from SAML Signing Certificate section.

      If you are using "custom fields" in EdApp and you want to populate these fields from Azure AD you can send these values as custom claims. The name of the claim needs to be exactly the same as the field name in EdApp. Also the namespace of the claim needs to be blank.

      Example

      The firstname and lastname fields are supported out of the box in EdApp and can be passed as shown in the example below. In this example, the additional field "jobtitle" is passed as a claim as well and if configured in EdApp as a custom field it will be populated as soon as the user logs in using SSO.

      Consider yourself halfway done! Now that we’ve managed to set up SSO in Azure AD, we’re ready to configure SSO in EdApp.

       

      Configure SSO in EdApp

       

      Step 1: Sign in to Ed LMS using your Ed Admin account, and click on the dropdown arrow located on the upper right of your screen. Select Single Sign-On.

      Configuring SSO with Azure Active Directory

       

      You’ll then arrive to your Single Sign-On page, where you can tick the box next to Enable Single Sign-On in order to expand the page to see the SSO fields below:

       

      Configuring SSO with Azure Active Directory 1

       

      Step 2: Fill in Company ID with the same unique company identifier as above. E.g. uniqueEdCustomerCompanyId

       

      Step 3: Fill in SSO URL with the Login URL from Set up EdApp section.

       

      Step 4: Fill SAML Entity ID with https://admin.edapp.com

      Leave Assign user groups with SAML empty, as it is not applicable in this case

      The SAML certificate file is optional; please reach out to an EdApp support member for assistance with uploading the SAML certificate.

       

      Configuring SSO with Azure Active Directory 2

       

      Congratulations!  You’ve just configured your EdApp account with SSO, using Azure AD.  At this point, we recommend completing a round of successful testing by attempting login via SSO.  If you get stuck at any point along the way, be sure to reach out to our live chat desk, or your EdApp account manager - we’d be happy to lend a helping hand.  Additionally, feel free to share this Learner Guide for logging into EdApp using SSO with your users.

       

      If you’d like to learn about Dynamic User Groups, which is great for mapping via SSO, then we recommend checking out the Admin Guide for setting up Dynamic User Groups using Azure AD.


      SCIM

      With SCIM, it is possible to synchronise user information between Azure AD and EdApp. We only support importing users from Azure AD into EdApp, we never send back information to Azure AD.

      Before configuring SCIM in Azure AD, make sure to enable this function in EdApp https://admin.edapp.com/integrations/scim.

       
      To enable automatic provisioning of users

      Set the "Provisioning mode" to automatic and populate the Tenant URL field with "https://edappintegrations.com/scim/v2"

      In the secret token field paste the API key that can be found at: https://admin.edapp.com/app-settings/api

       

      Click the "Test Connection" button to see if the setup is successful.

      Save the settings.

      To setup custom fields, expand the mappings section and click "Provision Active Directory Users".