Configure SAML-based SSO using Azure Active Directory

Configure SAML-based SSO using Azure Active Directory

Overview

Get started with simplified user logins by setting up single sign-on (SSO) with Azure Active Directory for your site. After you set up SSO, your users can sign in to the mobile app by using their Azure AD credentials.

Create an application on the Azure Portal

  1. Sign in to your Azure Portal.
  2. Search for Azure Active Directory by using the search bar located at the top of the page.
  3. In the Azure Active Directory pane, select Enterprise applications.
  4. In the Enterprise applications pane, select New application.
  5. Select Non-gallery application.

  6. Name it how you'd like, we suggest SchoolInfoApp SSO, then select Add.

Configure your application

  1. You should see the newly created app's overview. If not, select Enterprise applications, then find and select your application.
  2. In the Manage section, select Properties.
  3. Set Visible to Users? to No and select Save.

  4. In the Manage section, select Single-sign on, then select SAML.
  5. In the Basic SAML Configuration section select Edit.
  6. Set the Identifier to https://sia-sso.azurewebsites.net/Saml2
  7. Set the Reply URL to https://sia-sso.azurewebsites.net/Saml2/Acs
  8. Select Save.

  9. In the User Attributes & Claims section select Edit.
  10. Select Add a group claim.
  11. Select All Groups and select Save.

Assign users to your application

If you want all of your users to be able to log in with this application:
  1. In the Manage section, select Properties.
  2. Set User assignment required? to No and select Save.
If you want to control who can log in with this application:
  1. In the Manage section, select Properties.
  2. Set User assignment required? to Yes and select Save.
  3. In the Manage section, select Users and groups.
  4. Add any users or groups.

(Optional) Create Groups so you can map users to different roles

By default, all users that log in through this application will be mapped to a default role that you provide later. Complete the following steps if you want to make a distinction between users based on which group they are a member of.
  1. Search for Groups by using the search bar located at the top of the page.
  2. Select New group.
  3. Set Group type to Security.
  4. Name the group however you'd like.
  5. Add Members by clicking on the No members selected link.
  6. Select Create.
  7. Repeat steps 2. - 6. to create more groups.
  8. Write down the values in the Object Id column. We don't need the names.
  9. Map each Object Id to a Role in our system (Administrator, Teacher, Student, Other, etc.)
  10. You will have to send us these mappings.

Provide the necessary information for us

  1. Navigate back to your application and then to the Single-sign on pane and scroll down until you see the SAML Signing Certificate and Set Up your app section.
  2. Download the Certificate (Base64).
  3. Write down the Login URL and Azure AD Identifier.
  4. Decide on a default app role in our system (Administrator, Teacher, Student, Other, etc.). Your Azure users are going to be assigned to this role when they log in the first time.
  5. At this point, you should have collected something like this:
    1. Certificate file: your_app.cer
    2. Login URL: https://login.microsoftonline.com/a08ab295-a001-407e-8a94-fe9fe4361c0d/saml2
    3. Azure AD Identifier: https://sts.windows.net/a08ab295-a001-407e-8a94-fe9fe4361c0d/
    4. Default role: Other
    5. (Optional) Role mappings:
      1. e8c50b29-b8c1-4369-9d9f-b54e07ecbe70 - Administrator
      2. 820d6194-3b32-4cfc-9236-adfb6989ba3a - Student
      3. 1cad411e-faa5-46cb-a602-2c9ef373de4a - Teacher

  6. Email us the information to content@schoolinfoapp.com with a subject like "SSO - Azure AD", so we can integrate your Azure AD application into our system.
  7. That's it, you are done! After we process your email you will see an extra login button in your mobile app.

    • Related Articles

    • Configure SAML-based SSO using Active Directory Federation Services (AD FS)

      Overview Get started with simplified user logins by setting up single sign-on (SSO) with Active Directory Federation Services for your site. After you set up SSO, your users can sign in to the mobile app by using their AD credentials. Add new Relying ...

    • Configure SAML-based SSO using Office 365

      Office 365 uses Azure Active Directory (Azure AD) as a user store so refer to Configure SAML-based SSO using Azure Active Directory. In the last step, you have to send us an email. In that email let us know, that you use Office 365.

    • Configure SAML-based SSO using Google Workspace (Formally G-Suite)

      Overview Get started with simplified user logins by setting up single sign-on (SSO) with Google Workspace for your site. After you set up SSO, your users can sign in to the mobile app by using their Google Workspace credentials. Set up a new SAML app ...

    • Configure SAML-based SSO for any identity provider

      Overview This article lists all information you need to add our service provider (SP) to your system and what we require to add your identity provider (IdP) to our system. About our service provider Metada location: ...

    • Directory Feature

      Objective To explain in detail how to use the Directory Feature including Adding a user to a desired folder, setting up a folder, and explaining over arching general settings that apply to the entire Directory as a whole Folder Settings Create a ...