In this article, we focus on how to configure SSO with Azure AD (Microsoft Azure Active Directory).
To enable SSO for your 360Learning space, first contact your Solution Architect (SA), they will guide you through the entire integration process and give you the Reply URL required to configure your Azure AD.
Add an unlisted application
To connect an application using an app integration template:
- Sign into the Azure management portal with your Azure Active Directory administrator account.
- Go to the Azure Active Directory → Enterprise Applications.
- Select New Application, and then create your own application.
- Back to the application configuration page, select Set up single sign-on.
- If you don’t see these options, contact your Azure AD admin.
- If you don’t see these options, contact your Azure AD admin.
- Select SAML.
- At the top right of Basic SAML Configuration, click Edit.
- Edit the following parameters:
- Sign on URL: https://yoursubdomain.360learning.com (check that a sub-domain has already been defined in your 360learning application settings).
- Identifier (Entity ID): https://app.360learning.com
- Reply URL (Assertion Consumer Service URL, also called ACS URL): the reply URL (ACS URL) in the metadata URL sent by your Solution Architect (SA).
- Click Next.
- Download the certificate (base64) and copy your App Federation Metadata URL and save it on your disk.
- Set the following parameters (which may have been pre-filled by Azure AD):
- Issuer url: the entityID in your Federation metadata
- Single sign-on service url: the SingleSignOnService Location url in your Federation metadata
- Single sign-out service url: the SingleLogoutService Location url in your Federation metadata
- Click Next.
- Click Complete.
Assign users and groups to your SAML application
As a security control, Azure AD will not issue a token allowing them to sign into 360Learning unless they have been granted access using Azure AD. Users may be granted access directly, or through a group that they are a member of.
To assign a user or group to 360Learning:
- Click Assign users and groups.
- Select the user or group, and click Assign.
Assigning a user will allow Azure AD to issue a token for the user, as well as causing a tile for 360Learning to appear in the user's Access Panel. An application tile will also appear in the Office 365 application launcher if the user is using Office 365.
Your application is now ready for testing. Send your metadata URL and the certificate to your Solution Architect (SA) who will get back to you for the next steps.