SSO (Single Sign-on)

SSO (Single Sign-on) Guide

This article explains how an admin can set up SSO (Single Sign-on) for their student (/learn) portal. Once it is enabled, users sign in to the portal application with their Azure Active Directory credentials.

1. Access your Azure portal and navigate to Azure Active Directory.

Please be advised that, to enable SSO for users, they must exist in both the cyberawaresecurity and Azure platforms.

2. From the menu on the left, go to Enterprise applications.

3. On the new directory, click on New application.

You should get the following output:

4. Select Create your own application:

5. Enter a name for your application. In this instance we will use Examine for demonstration purposes:

6. Make sure that the last option, Integrate any other application you don’t find in the gallery (Non-gallery), is selected and click on Create:

It will direct you to Browse Azure AD Gallery. From there, you will be able to see a Getting Started section:

7. Click on the Get started option of the second step indicating Set up single sign on.

8. Choose the SAML option from the new prompt:

We will demonstrate two ways in which we can configure the SSO.

9. But before we do that, let's see how we can add Users and groups:

10. Click on the Add user/group option:

You will be prompted with the following:

11. From there, select the None Selected option to view the available Users and groups:

12. For this example, we will choose 1 group and 1 user and click on Select:

13. Click on Assign to finalise the process.

14. As we can see, the Application assignment succeeded!

15. First, we will configure the Basic SAML Configuration manually. To do that, click on the Edit button:

You should enter the links required:

16. The Entity ID is the actual URL of the portal.

17. The Reply URL is the URL of the portal with a /saml/acs added at the end.

18. The Sign on URL, or student portal link, is the URL of the portal with /learn added at the end.

19. Finally, enter the Logout Url which is the portal’s URL with /saml/slo added at the end of the link.

20. Let’s make an example:

21. At the Entity ID, click on the trash can button next to the default URL to delete it:

This will automatically set our link as Default:

22. Click on Save to proceed.

23. As we can see, the single sign-on configuration was saved successfully!

24. As a next step, you will have to navigate back to the Set up Single Sign-On with SAML:

25. In a new tab or window, open your cyberawaresecurity platform branch and log in. Its address is your Entity ID URL; for this demonstration we will be using the examine branch:

26. To enable Single Sign-on, scroll down and click on the SSO (Single Sign-on) section:

27. From there, click on the button right next to Enable Single Sign-on.

You should get the following output:

28. We will take the information required from Azure. Switch back to your Set up Single Sign-On with SAML window:

29. Scroll down to the 3rd point, called SAML Signing Certificate, and copy the App Federation Metadata Url. To do that, click on the button indicated in the following screenshot:

This will be your IDP Metadata URL:

30. Let’s use our IDP Metadata URL for demonstration:

For the Attributes & Claims records of the SSO Configuration, you will have to navigate to the User Attributes & Claims.

31. From the Set up Single Sign-On with SAML window, find the 2nd point called User Attributes & Claims and click on the Edit button:

You should get the following output:

32. Before we start copying everything to the SSO Configuration, there is a change we must apply. Click on the user.mail attribute so we can edit:

33. As guided in the Required claim, let’s replace the user.mail with user.userprincipalname:

34. Click on Save to apply the changes:

35. As we can see, the value has been replaced successfully!

36. Finally, let’s enter the rest of the attributes, starting with Unique ID. Use the suggested URL, but replace /emailaddress with /mail at the end of the link.

In other words:

37. The rest of the details we can just copy and paste accordingly:

38. Click on the Save button:

39. As we can see, the SSO configuration was updated successfully!

40. Let’s also demonstrate the alternative way to configure SSO where the Basic SAML Configuration is configured automatically. To do that, complete the first 8 steps. You should reach the Set up Single Sign-On with SAML window:

41. Select the Edit button of the Basic SAML Configuration:

You should enter the links required:

42. The links are the same as before, so let’s enter them and save the changes!

43. As we can see, the single sign-on configuration was saved successfully!

44. Finally, complete the rest of the steps (19-33) so the SSO configuration is in place, and you reach the confirmation prompt:

45. From there, click on the Download Metadata XML button:

You should get the following file:

46. To conclude the process, switch back to your Set up Single Sign-On with SAML window and click on the Upload metadata file option:

47. Enter the metadata file and click on the Add button:

48. The SAML file will be uploaded as expected and the Basic SAML Configuration prompt will pop up:

49. Click on the Save button to apply the changes:

50. As expected, the configuration was saved successfully!

51. Close the Basic SAML Configuration prompt to view the added details:

52. You can now go ahead and log in as a user in the student (/learn) portal. Since SSO has been enabled, you will be redirected to the Microsoft login screen.
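The URL rules from steps 16-19 and the metadata file from steps 45-47 can be cross-checked before the file is uploaded to Azure. The script below is an added example, not part of the original guide or the platform's own tooling: it derives the four Basic SAML Configuration values from a portal URL and reports any endpoint in a metadata file that does not match them. The portal URL `https://examine.example.com`, the sample XML and the function names are constructed for illustration, and it assumes the portal URL is used without a trailing slash.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

def expected_urls(portal_url):
    """Derive the Basic SAML Configuration values from the portal URL."""
    base = portal_url.rstrip("/")  # assumption: no trailing slash is used
    parts = urlsplit(base)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError("portal URL must be a plain https:// URL")
    return {"Entity ID": base, "Reply URL": base + "/saml/acs",
            "Sign on URL": base + "/learn", "Logout Url": base + "/saml/slo"}

def check_sp_metadata(xml_text, portal_url):
    """Return the mismatches between a metadata file and the expected values."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["file declares a DTD; not parsed"]
    want, root = expected_urls(portal_url), ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    found = {
        "Entity ID": [root.get("entityID")],
        "Reply URL": [e.get("Location") for e in root.iter(MD + "AssertionConsumerService")],
        "Logout Url": [e.get("Location") for e in root.iter(MD + "SingleLogoutService")],
    }
    # Every endpoint in the file must equal the value derived from the portal
    # URL; a missing endpoint or one on another host or path is reported.
    return [f"{name}: expected {want[name]!r}, file has {values!r}"
            for name, values in found.items()
            if not values or any(v != want[name] for v in values)]

# Constructed sample metadata; examine.example.com is a placeholder portal URL.
PORTAL = "https://examine.example.com"
TEMPLATE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="{portal}">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Location="{portal}/saml/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="1" Location="{acs}"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
GOOD = TEMPLATE.format(portal=PORTAL, acs=PORTAL + "/saml/acs")
STALE = TEMPLATE.format(portal=PORTAL, acs="http://old.example.com/saml/acs")

if __name__ == "__main__":
    for label, value in expected_urls(PORTAL).items():
        print(f"{label}: {value}")
    print(check_sp_metadata(GOOD, PORTAL))
    print(check_sp_metadata(STALE, PORTAL))
```

A Reply URL that points at a different host or at plain http is the mismatch that matters most here, because it is where Azure posts the signed SAML response.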
