Azure is a Microsoft product that provides a federated identity solution to connect users to applications within and outside institutions. Engage's flexible SSO Module Provider framework is designed to support a wide variety of identity solutions, enabling full integration of Azure Active Directory into your infrastructure in a few simple steps.
Integrating YuJa Engage to Azure Active Directory as an Enterprise Application
- Log into your Azure Active Directory Admin account.
- Select Enterprise Applications.
- Click New Application.
- Click Create Your own application.
- Give your application a name (e.g. YuJa Engage), then click Create.
- Your Engage application will now appear on the Enterprise Applications list within Azure. Select the application.
- You will need to add at least one user to the Engage application. From the left-side menu, select Users and Groups and then click Add user/group.
- After adding a user, click Single Sign-On from the left-side menu and click Edit within the Basic SAML Configuration panel.
- Fill out the information as shown below and then click Save.
  - Identifier: https://<institution>.yuja.com
    - Example: https://evergreen.yuja.com
  - Reply URL: https://<institution>.yuja.com/sso/consume/
    - Example: https://evergreen.yuja.com/sso/consume/
- Next, click Edit within the Attributes and Claims panel.
- Click Add New Claim.
- Fill out the information as shown below and then click Save.
  - Name: Role
  - Source: Attribute
  - Source attribute: Enter "user." without the quotes, and then enter the attribute used to track roles on your SSO.
    - Example: user.jobtitle
- After saving the claim above, scroll down to Set up and make note of the following information as it will be required:
  - Login URL
  - Logout URL
    - Please note that Engage only supports Non-Single Logout, i.e. logging out via a URL redirect to a single logout URL without additional parameters.
- Next, log into your Engage IT manager account and select Integrations from the left-side menu.
- Select SSO-Azure from the Choose Integration Type drop-down menu, fill out the information as shown below, and click Save. Once saved, you will be able to log in to Engage using your Azure integration.
  - General SSO Details
    - Azure SSO URL: The login URL noted in step 10.
    - Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    - Remote Logout URL: The logout URL noted in step 10.
  - User Provisioning
    - Given Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    - Family Name Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    - Email Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    - Role Attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
  - Role Mapping
    - IT Manager: Enter your SSO role, equivalent to the IT Manager role on Engage.
    - Instructor: Enter your SSO role equivalent to the instructor role on Engage.
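
A pre-rollout check for the settings above, as an added example that is not part of the original article or YuJa's own code: it reads a decoded SAML assertion and reports where the NameID format, audience, recipient and attribute names differ from the values listed on this page. It assumes the Identifier appears as the assertion's Audience and the Reply URL as the Recipient; the function names and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Attribute names and NameID format as listed in the Engage settings on this page.
REQUIRED = {"given name": CLAIMS + "givenname", "family name": CLAIMS + "surname",
            "email": CLAIMS + "emailaddress", "role": ROLE}
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_assertion(xml_text, institution):
    """Return mismatches with the page's settings; does not verify the signature."""
    base = f"https://{institution}.yuja.com"
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_FORMAT:
        problems.append("NameID Format is not emailAddress")
    audience = root.findtext(".//saml:Audience", namespaces=NS)
    if audience != base:
        problems.append(f"Audience {audience!r} does not match Identifier")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != base + "/sso/consume/":
        problems.append("Recipient does not match Reply URL")
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)
               if a.findtext("saml:AttributeValue", namespaces=NS)}  # non-empty only
    for label, name in REQUIRED.items():
        if name not in present:
            problems.append(f"missing {label} attribute {name}")
    return problems

def sample_assertion(role_name, audience="https://evergreen.yuja.com"):
    """Constructed test input, not captured from a real tenant."""
    attrs = {CLAIMS + "givenname": "Ada", CLAIMS + "surname": "Lee",
             CLAIMS + "emailaddress": "ada.lee@example.edu", role_name: "Instructor"}
    body = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}'
                   f'</saml:AttributeValue></saml:Attribute>' for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="{NAMEID_FORMAT}">ada.lee@example.edu</saml:NameID>'
            '<saml:SubjectConfirmation><saml:SubjectConfirmationData '
            'Recipient="https://evergreen.yuja.com/sso/consume/"/>'
            '</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            '</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{body}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    for role_name in (ROLE, "Role"):  # a matching claim name, then a differing one
        print(role_name, check_assertion(sample_assertion(role_name), "evergreen"))
```

An empty list means the assertion carries everything the Engage settings reference; each string in a non-empty list names one setting to recheck in Azure or in the Engage Integrations page.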