EdAlive Central (Schools) - SSO - Azure App Setup Process

 ⚠️ Please make sure to delete any existing EdAlive Central Apps before creating a new one.

 

Azure App Setup Process in Summary

  1. Create a New Non Gallery Enterprise Application
  2. Configure the Single sign-on SAML settings as:
    1. Basic SAML Configuration

      1. Identifier (Entity ID)  ->  https://central.edalive.com/api/saml2/metadata

      2. Reply URL (Assertion Consumer Service URL)  ->  https://central.edalive.com/api/saml2/acs

      3. Sign on URL  ->  https://central.edalive.com/auth/login

      4. Relay State  ->  Optional

      5. Logout Url  ->  https://central.edalive.com/api/saml2/sls

    2. User Attributes & Claims

      1. givenname -> user.givenname

      2. surname -> user.surname

      3. emailaddress -> user.mail

      4. name -> user.userprincipalname

      5. Unique User Identifier 

        1. ⚠️ Edit the claim, set the identifier format to persistent.

        2. Source attribute -> user.objectid* or user.userprincipalname (*recommended, see steps below)

      6. Add a group claim

        1. All groups

        2. Group ID

        3. Save

  3. Add all of your users, make sure they are in their relevant teacher and student groups. Users in multiple school/campus setups must also be in a group specific to their respective school/campus.

  4. Use the Azure SSO Setup Template Email to send us:
    1. The App Federation Metadata URL:
    2. The teacher group Object Id:
    3. The student group Object Id:
    4. Each School/campus group Object Ids (where applicable):
    5. Domain name portion of email addresses
      1. Teachers:
      2. Students (if different to above):
    6. Sample Student Username:
    7. Sample Student Password:
  5. Wait for confirmation from us that setup has been completed on our end.
  6. Begin testing.

Azure App Setup Process in Detail

Use the screenshots below to help you set up a Non Gallery Enterprise Application for EdAlive Central Single Sign On. Click an image to enlarge it, then use the magnifying glass in the top right corner to zoom in further.

All of the steps are performed in Microsoft Azure. To begin, log into your administrator account.

In the Azure Portal:

 

 Click on “Enterprise Applications” on the left of the screen.

 

 

You will see the following page:

 

 

 

Add a new application by pressing the below button near the top of the page.

 

Choose a Non-gallery Application by pressing the below button near the centre of the page.

 

Name the new Application (we suggest “EdAlive Central”, as it will be easy to remember) and click “Add” on the bottom of the page.

You will then see this screen.

 

Next, click on the “Single sign-on” button on the centre-left of the screen.

 

You will then see these four options.

Press the “SAML” button.

You will then be presented with this:

There are multiple settings to change on this page. Firstly, edit the Basic SAML Configuration Settings by pressing the “Edit” button in the first box, as seen below.

 
An overlay with the settings will appear. Set the following:
 
Reply URL (Assertion Consumer Service URL) -> https://central.edalive.com/api/saml2/acs
Relay State -> Optional
 
 
  After you adjust the settings appropriately, the Basic SAML Configuration box should look like this:
 
 
Next, edit the User Attributes & Claims Settings by pressing “Edit” on the second box.
  Edit the Required Claim.
 
Change the Identifier format to Persistent from Email Address.
               
Here you have a choice. You can leave this as user.userprincipalname (this will allow you to use the User Principal Name as the Name ID in your EdAlive Central SAML Import CSVs), or you can change it to user.objectid. We suggest that you use user.objectid as a preventative measure in the event that a student or teacher is assigned a new User Principal Name or email address (e.g. after a change of last name, john.smith@school.edu.au becomes johnbrown@school.edu.au). If the source attribute that you assign to the Name ID changes, our system has no way of identifying that the old and new accounts belong to the same person. For this reason, we suggest you use the easily obtainable and exportable Object ID, as this will not change if the teacher's or student's details change.
 
The steps for both are below:
 
 
 
Add a group claim (this is to help identify whether an account is in a teacher group or student group as well as for those schools with multiple campuses).
 
We suggest you set Group Claims to “All groups”.
 
Be sure to check that your new User Attributes and Claims settings have been saved successfully.
 
Next, please send us the App Federation Metadata URL that you can see below:
 
 
To set up your teachers and students, locate the Users and Groups Settings of the EdAlive Central App. The button is located on the left side of the page.
 
Add your students and teachers to the “Users” list.
 
 
 Please be sure to send us the App Federation Metadata URL. We will send you a reply to confirm that we have set up your Single Sign On details and that you can proceed with testing as below.
               
Finally, navigate back to the Single Sign On Settings on the left of the page:
 
 
  
Try logging in to EdAlive Central through your new Single Sign On App by pressing the “Test” button at the bottom of the menu.
 
You can sign in with another account to test multiple accounts.
 
              
This completes the application setup.
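
An added example, not part of EdAlive's guide or code: a Python check to run over a decoded SAML assertion captured during the “Test” step, confirming that the settings above took effect (persistent Name ID, Reply URL, Entity ID, the four user claims, and a group claim containing your teacher or student group Object ID). The claim URIs are Azure's defaults (an assumption if you renamed the claims), the function names are illustrative, and the check covers configuration only; it does not verify the assertion's signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"s": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
ENTITY_ID = "https://central.edalive.com/api/saml2/metadata"  # Identifier in this guide
ACS_URL = "https://central.edalive.com/api/saml2/acs"         # Reply URL in this guide
# Assumption: Azure's default claim URIs; change these if you renamed the claims.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_assertion(xml_text, role_group_ids, expect_object_id=True):
    """Return a list of setup problems; an empty list means every check passed."""
    root, problems = ET.fromstring(xml_text), []
    name_id = root.find(".//s:Subject/s:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent")
    elif expect_object_id and not GUID.match((name_id.text or "").strip()):
        problems.append("NameID is not an Object ID")
    conf = root.find(".//s:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != ACS_URL:
        problems.append("Recipient does not match the Reply URL")
    aud = root.find(".//s:Audience", NS)
    if aud is None or (aud.text or "").strip() != ENTITY_ID:
        problems.append("Audience does not match the Identifier (Entity ID)")
    attrs = {a.get("Name"): [v.text for v in a.findall("s:AttributeValue", NS) if v.text]
             for a in root.iterfind(".//s:Attribute", NS)}
    for claim in ("givenname", "surname", "emailaddress", "name"):
        if not attrs.get(CLAIMS + claim):
            problems.append(f"missing claim: {claim}")
    groups = attrs.get(GROUPS, [])
    if not groups:
        problems.append("no group claim emitted")
    elif not set(groups) & set(role_group_ids):
        problems.append("user is in neither the teacher nor the student group")
    return problems

def sample_assertion(fmt, name_id, groups):
    """Constructed, unsigned assertion (not a real Azure response) for offline use."""
    attr = '<Attribute Name="{}">{}</Attribute>'
    val = "<AttributeValue>{}</AttributeValue>"
    body = "".join(attr.format(CLAIMS + c, val.format("x"))
                   for c in ("givenname", "surname", "emailaddress", "name"))
    body += attr.format(GROUPS, "".join(val.format(g) for g in groups))
    return (f'<Assertion xmlns="{NS["s"]}"><Subject><NameID Format="{fmt}">{name_id}'
            f'</NameID><SubjectConfirmation><SubjectConfirmationData Recipient="{ACS_URL}"/>'
            f'</SubjectConfirmation></Subject><Conditions><AudienceRestriction><Audience>'
            f'{ENTITY_ID}</Audience></AudienceRestriction></Conditions>'
            f'<AttributeStatement>{body}</AttributeStatement></Assertion>')
```

Pass the teacher and student group Object IDs as role_group_ids, and set expect_object_id=False if you kept user.userprincipalname as the Name ID source. With “All groups” selected, a “no group claim emitted” result for a user who is in more than 150 groups reflects Azure omitting the group list from the SAML assertion.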
 

      Download the PDF Guide

