# SSO (Single Sign-on)

## SSO (Single Sign-on) Guide

In this article, we explain how an admin can set up **SSO (Single Sign-on)** for their student (**/learn**) portal. This enables users to sign in to the portal application using their **Azure Active Directory** credentials.


**1.** Access your Azure portal and navigate to **Azure Active Directory.**

![](/files/2OcEajERXABsy7Rd1DUR)

![](/files/b6ovyzdgZPHyCetRYfj0)

Please be advised that in order to enable SSO for users, they must exist in both the **cyberawaresecurity** and **Azure** platforms.


**2.** From the menu on the left, go to **Enterprise applications.**

![](/files/IrZaZA1cPIADYEAY5ixx)

**3.** On the page that opens, click on **New application.**

![](/files/2anb6oPRbqQaktlWmhqz)

You should get the following output:

![](/files/KOehQhqsMCknZAibOiXN)

**4.** Select **Create your own application:**

![](/files/I3GalGJwaTva0xv8rYJB)

![](/files/Jo9WpCqOaWbngLqohMdT)

**5.** Enter a name for your application. In this instance we will use **Examine** for demonstration purposes:

<div align="left"><img src="/files/km5gyTOzA1Q6UG4XXuDH" alt=""></div>

**6.** Make sure that the last option which states **Integrate any other application you don’t find in the gallery (Non-gallery)** is selected and click on **Create:**

<div align="left"><img src="/files/0BYg6k9jsCpj7JdJP4YI" alt=""></div>

It will direct you to **Browse Azure AD Gallery.** From there, you will be able to see a **Getting Started** section:

![](/files/Exk2UjIpNJnIwCrxJlk7)

**7.** Click on the **Get started** option of the second step indicating **Set up single sign on.**

![](/files/EhOJQQWA6XaRy0vWemQo)

**8.** Choose the **SAML** option from the new prompt:

![](/files/3FQkHwfxpze91Sy9oyXO)

We will demonstrate **two ways** in which we can configure the SSO.


**9.** But before we do that, let's see how we can add **Users and groups:**

<figure><img src="/files/024jVDjDQXEtMEdGD89k" alt=""><figcaption></figcaption></figure>

**10.** Click on the **Add user/group** option:

<figure><img src="/files/Hr8CakAPoXhtsVezSKlF" alt=""><figcaption></figcaption></figure>

You will be prompted with the following:

<figure><img src="/files/3QzWicjfWw0kUumbGIrT" alt=""><figcaption></figcaption></figure>

**11.** From there, select the **None Selected** option to view the available **Users and groups:**

<figure><img src="/files/gvvXSeQE24SKFjQeVfFi" alt=""><figcaption></figcaption></figure>

**12.** For this example, we will choose 1 group and 1 user and click on **Select:**

<figure><img src="/files/dBEoV4wNKSqhHuiAOldz" alt=""><figcaption></figcaption></figure>

**13.** Click on **Assign** to finalise the process.

<figure><img src="/files/25LbedHk9HaKTslrTxdr" alt=""><figcaption></figcaption></figure>

**14.** As we can see, the **Application assignment succeeded!**

<figure><img src="/files/V4rIIJt2er6CqgFx86VA" alt=""><figcaption></figcaption></figure>

**15.** First, we will show how to configure the **Basic SAML Configuration** **manually.** To do that, click on the **Edit** button:

![](/files/uCtdqqvtbG1yid4g5OJJ)

You should enter the links required:

![](/files/WNOKcUzzcW7p5SZ4ziUX)

**16.** The **Entity ID** is the actual URL of the portal.

![](/files/aY7PleEDPYN6ZWB8TOYb)

**17.** The **Reply URL** is the URL of the portal with a **/saml/acs** added at the end.

![](/files/qMpyrLOmLZi7yTrAcu9r)

**18.** The **Sign on URL** or the **student portal link,** is essentially the URL of the portal with a **/learn** at the end.

![](/files/Fh2d3vGhzS1PSePkt4u0)

**19.** Finally, enter the **Logout Url** which is the **portal’s URL** with **/saml/slo** added at the end of the link.

![](/files/u02joQSr4bm5P3PWsTWb)

**20.** Let’s look at an example:

![](/files/MPePyxIxfOUBsI0UebnS)

**21.** At the **Entity ID,** click on the **trash can** button next to the **default URL** to **delete** it:

![](/files/FFk2hdB9U2YinBIUQQCz)

This will automatically set our link as **Default:**

![](/files/gYyNazqX69Fp6FZGfWYB)

**22.** Click on **Save** to proceed.

![](/files/npDrGytfMDeP0uWsqMju)

**23.** As we can see, the single sign-on configuration was saved successfully!

![](/files/jOEY0hUDFfO2s7isjK91)

**24.** As a next step, you will have to navigate back to the **Set up Single Sign-On with SAML:**

![](/files/VdTgFKwPezyXbgfwNOkL)

**25.** Next, in a new tab or window, open and log in to your **cyberawaresecurity** platform branch. This is essentially your **Entity ID URL,** so for this demonstration we will be using **examine:**

![](/files/YHlK6o3IzWCpos3gtpvj)

**26.** To enable Single Sign-on, scroll down and click on the **SSO (Single Sign-on)** section:

<div align="left"><img src="/files/EGwKnJZLy4LvfE7mv0DI" alt=""></div>

**27.** From there, click on the button right next to **Enable Single Sign-on.**

![](/files/NDqkb4frf1JyEk0M9BBO)

You should get the following output:

![](/files/UVNQhMDpotX4iLjhakso)

![](/files/oIDVTTqkfGQx4UNoc3dl)

**28.** We will take the information required from **Azure.** Switch back to your **Set up Single Sign-On with SAML** window:

![](/files/imZZ4NED7bi5aLnG7Y6n)

**29.** Scroll down to the **3rd point** called **SAML Signing Certificate** and **copy** the **App Federation Metadata Url.** To do that, **click** on the indicated button of the following screenshot:

![](/files/CsFbhrLCJIt5DkbynFiE)

This will be your **IDP Metadata URL:**

![](/files/HCkcdcn44jB0qLgyNWCZ)

**30.** Let’s use our **IDP Metadata URL** for demonstration:

![](/files/pjJIDNJFKzMjja3s6BN9)

For the **Attributes & Claims** records of the **SSO Configuration,** you will have to navigate to the **User Attributes & Claims.**


**31.** From the **Set up Single Sign-On with SAML** window, find the **2nd point** called **User Attributes & Claims** and click on the **Edit** button:

![](/files/b3CBdmwHHTAzzMAAu9M3)

You should get the following output:

![](/files/1Y9GtOGIvHXqNu70w4vm)

**32.** Before we start copying everything to the SSO Configuration, there is a change we must apply. Click on the **user.mail** attribute so we can edit:

![](/files/z4SceQ0bHagpkWH7Ya1X)

![](/files/r8hvU1OOYnXuys9dOWol)

**33.** As guided in the **Required claim,** let’s **replace** the **user.mail** with **user.userprincipalname:**

![](/files/8sw506ynI5QIG1vBO2Ab)

![](/files/t4jrK1dClvhiNoVQgk2u)

**34.** Click on **Save** to apply the changes:

![](/files/E1Cah6XGx2e7o0vwxnId)

**35.** As we can see, the value has been replaced successfully!

![](/files/vTxo7Pc4V9GSpaZTHyyE)

**36.** Finally, let’s enter the rest of the attributes, starting with **Unique ID.** This would be the suggested URL, but we replace the **/emailaddress** with **/mail** at the end of the link.

![](/files/mCHKU6IWdW2L47wqPjTG)

In other words:

![](/files/SfJFuzupdRnvhmwDqFCm)

**37.** The rest of the details we can just copy and paste accordingly:

![](/files/Mza3m0uHJoPDMVpTDOiu)

**38.** Click on the **Save** button:

![](/files/Jy6kRWs7uysyuYZDyPoT)

**39.** As we can see, the SSO configuration was updated successfully!

![](/files/CCjdtzVUKvIr059gLnPI)

**40.** Let’s also demonstrate the **alternative** way to configure SSO where the **Basic SAML Configuration** is configured **automatically.** To do that, complete the **first 8 steps.** You should reach the **Set up Single Sign-On with SAML** window:

![](/files/30mepAUuwyW96vsBYul8)

**41.** Select the **Edit** button of the **Basic SAML Configuration:**

![](/files/aWADz2kvGKcMfPzKTEok)

You should enter the links required:

![](/files/FePDdSVH2Qi4yqfwY3m2)

**42.** The links are the same as before, so let’s enter them and save the changes!

![](/files/n9qwqAmBwQYzMkgyvZ3I)

**43.** As we can see, the **single sign-on configuration** was saved successfully!

![](/files/maixLTuMqbFWidL1DFsr)

**44.** Finally, complete the rest of the steps (**19-33**) so the SSO configuration is in place, and you reach the confirmation prompt:

![](/files/zdF8MsOxXDCfrBntlXYp)

**45.** From there, click on the **Download Metadata XML** button:

![](/files/tNcO4PoNpe7Yps8okUO9)

You should get the following file:

![](/files/KC61hs0fbjqUdEbUQzsD)

**46.** To conclude the process, switch back to your **Set up Single Sign-On with SAML** window and click on the **Upload metadata file** option:

![](/files/EC3vVI887yZKDk3pkMsu)

**47.** Enter the **metadata** file and click on the **Add** button:

![](/files/gdbb4yRBAAkSJJvtOQ3i)

**48.** The **SAML** file will be uploaded as expected and the **Basic SAML Configuration** prompt will pop up:

![](/files/oAJAYT64kJfYKxQSSWi7)

**49.** Click on the **Save** button to apply the changes:

![](/files/UpWvWjnMZ9N01aKqd1ss)

**50.** As expected, the configuration was saved successfully!

![](/files/26GUfC2AYE4dnL7XaPD2)

**51.** Close the **Basic SAML Configuration** prompt to view the added details:

![](/files/uhKX3H88Mhli1n2xV7mr)

**52.** You can now go ahead and log in as a user in the student (**/learn**) portal. Since SSO has been enabled, you will be redirected to the Microsoft login screen:

![](/files/uDxlgkNORvR6EB0riYdF)
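
As an added example (not part of the cyberawaresecurity documentation or product), the following Python script checks that a metadata XML file such as the one downloaded in step 45 carries the Entity ID, Reply URL and Logout URL described in steps 16-19 before it is uploaded to Azure. The portal URL `https://examine.example.com` and the sample metadata are constructed placeholders, and the script assumes the file follows the standard SAML 2.0 metadata schema.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace
NS = {"md": MD}

# Constructed sample of a service-provider metadata file (not real portal output).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://examine.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://examine.example.com/saml/slo"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://examine.example.com/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def expected_urls(portal_url):
    """Derive the Basic SAML Configuration values of steps 16-19 from the portal URL."""
    base = portal_url.rstrip("/")  # assumption: the Entity ID carries no trailing slash
    return {"entity_id": base, "reply_url": base + "/saml/acs",
            "sign_on_url": base + "/learn", "logout_url": base + "/saml/slo"}


def locations(root, element):
    """Collect the Location attribute of every md:<element> under SPSSODescriptor."""
    return [e.get("Location") for e in root.findall(f"md:SPSSODescriptor/md:{element}", NS)]


def check_sp_metadata(xml_text, portal_url):
    """Return a list of mismatches between the metadata and the expected URLs."""
    want = expected_urls(portal_url)
    problems = []
    if urlsplit(portal_url).scheme != "https":
        problems.append("portal URL is not https")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return problems + ["root element is not md:EntityDescriptor"]
    if root.get("entityID") != want["entity_id"]:  # exact string comparison
        problems.append(f"entityID is {root.get('entityID')!r}, expected {want['entity_id']!r}")
    if want["reply_url"] not in locations(root, "AssertionConsumerService"):
        problems.append(f"no AssertionConsumerService at {want['reply_url']}")
    if want["logout_url"] not in locations(root, "SingleLogoutService"):
        problems.append(f"no SingleLogoutService at {want['logout_url']}")
    return problems


if __name__ == "__main__":
    for issue in check_sp_metadata(SAMPLE_METADATA, "https://examine.example.com") or ["metadata matches"]:
        print(issue)
```

An empty result means the file agrees with the values entered manually in the first method, so either route should leave the same Basic SAML Configuration in Azure.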


