Configuring SSO with Azure Active Directory

This article guides Admin users step-by-step on how to configure SSO using Azure Active Directory (AD)

Single Sign On (SSO) is a great way to further simplify the EdApp login process for your learners. SSO is a process where learners can sign in to EdApp using the credentials that are used to access their own organization's portal so that there’s no need for the learner to keep track of separate credentials for their EdApp accounts. 

Configuring SSO for your EdApp training program using Azure AD is straightforward, and can be done in as little as 15 minutes.

If you’d like domain recognition enabled for SSO, please reach out to us via live chat or your EdApp program manager - we would be happy to help.

Contents

Configure SSO in Azure

Configure SSO in EdApp

SCIM

Configure SSO in Azure AD

First, let’s start with setting up SSO in Azure AD (we’ll move on to setting this up in EdApp once this part is completed).

 

Step 1:  Sign in to the Azure portal using your Azure Active Directory administrator account. Browse to the Active Directory > Enterprise Applications > New application > Non-gallery application section.

 

Step 2: Fill in "EdApp" as the application name, select Add.

Azure portal will redirect to the app overview page. Select Single sign-On > SAML

 

Step 3: Update Basic SAML Configuration

  • Fill in Identifier (Entity ID) with https://admin.edapp.com
  • Fill in Reply URL with https://api.edapp.com/sso-saml-callback/<unique-company-identifier>
  • Fill in Logout URL with https://api.edapp.com/sso-logout/<unique-company-identifer>
  • The following example has <unique-company-identifier> as uniqueEdCustomerCompanyId you can make this up but ensure that it is identifiable and easy for your learners to type in e.g. companyname

 

Step 4: Download Certificate (Base64) from SAML Signing Certificate section.

If you are using "custom fields" in EdApp and you want to populate these fields from Azure AD you can send these values as custom claims. The name of the claim needs to be exactly the same as the field name in EdApp. Also the namespace of the claim needs to be blank.

Example

The firstname and lastname fields are supported out of the box in EdApp and can be passed as shown in the example below. In this example, the additional field "jobtitle" is passed as a claim as well and if configured in EdApp as a custom field it will be populated as soon as the user logs in using SSO.

Consider yourself halfway done! Now that we’ve managed to set up SSO in Azure AD, we’re ready to configure SSO in EdApp.

 

Configure SSO in EdApp

 

Step 1: Sign in to Ed LMS using your Ed Admin account, and click on the dropdown arrow located on the upper right of your screen. Select Single Sign-On.

Configuring SSO with Azure Active Directory

 

You’ll then arrive to your Single Sign-On page, where you can tick the box next to Enable Single Sign-On in order to expand the page to see the SSO fields below:

 

Configuring SSO with Azure Active Directory 1

 

Step 2: Fill in Company ID with the same unique company identifier as above. E.g. uniqueEdCustomerCompanyId

 

Step 3: Fill in SSO URL with the Login URL from Set up EdApp section.

 

Step 4: Fill SAML Entity ID with https://admin.edapp.com

Leave Assign user groups with SAML empty, as it is not applicable in this case

The SAML certificate file is optional; please reach out to an EdApp support member for assistance with uploading the SAML certificate.

 

Configuring SSO with Azure Active Directory 2

 

Congratulations!  You’ve just configured your EdApp account with SSO, using Azure AD.  At this point, we recommend completing a round of successful testing by attempting login via SSO.  If you get stuck at any point along the way, be sure to reach out to our live chat desk, or your EdApp account manager - we’d be happy to lend a helping hand.  Additionally, feel free to share this Learner Guide for logging into EdApp using SSO with your users.

 

If you’d like to learn about Dynamic User Groups, which is great for mapping via SSO, then we recommend checking out the Admin Guide for setting up Dynamic User Groups using Azure AD.


SCIM

With SCIM, it is possible to synchronise user information between Azure AD and EdApp. We only support importing users from Azure AD into EdApp, we never send back information to Azure AD.

Before configuring SCIM in Azure AD, make sure to enable this function in EdApp https://admin.edapp.com/integrations/scim.

 
To enable automatic provisioning of users

Set the "Provisioning mode" to automatic and populate the Tenant URL field with "https://edappintegrations.com/scim/v2"

In the secret token field paste the API key that can be found at: https://admin.edapp.com/app-settings/api

 

Click the "Test Connection" button to see if the setup is successful.

Save the settings.

To setup custom fields, expand the mappings section and click "Provision Active Directory Users".