Azure Active Directory is a Microsoft identity service that provides a federated identity solution for connecting users to applications, both within and outside an institution. The Video Platform's flexible SSO Module Provider framework is designed to support a wide variety of identity solutions, so Azure Active Directory can be fully integrated into your infrastructure in a few simple steps.
This document guides administrators through integrating their institution's Azure Active Directory as an SSO system that logs users into the Video Platform (the Service Provider, or SP) using the SAML 2.0 protocol. Once configured correctly, a user can perform an SP-initiated login from the Video Platform side: they are redirected to the Identity Provider (IdP), prompted for credentials, authenticated, and then redirected back to the Video Platform, where they are signed in as a user.
In some steps, <organization> is to be replaced by the wildcard DNS name of the organization associated with the Video Platform. For example, for “https://hudson.yuja.com”, <organization> would be replaced by “hudson”.
Adding YuJa to Azure Active Directory as an Enterprise Application
The first step is to add the Video Platform to Azure Active Directory as an Enterprise Application.
- Log into your Azure Active Directory Admin account.
- From the left side menu, click on Azure Active Directory, then choose Enterprise Applications.
- Next, click on New Application.
- Choose Non-Gallery Application, then type in the desired name for YuJa.
- YuJa will now show up on the list of Enterprise Applications within Azure.
Integrating Azure Active Directory into the Video Platform
The next step is integrating Azure Active Directory into the Video Platform.
- First, add at least one test user to the YuJa application within Azure. This is done by clicking Users and Groups under Manage.
- Under Manage, click Single Sign-On, and choose SAML as the integration option.
- From the current page, click the Pencil icon to edit Basic SAML Configuration as follows:
  - Identifier (Entity ID): https://<organization>.yuja.com
  - Reply URL (Assertion Consumer Service URL): https://<organization>.yuja.com/D/SamlReceiveResponse
- On the same page, take note of the Login URL, the Logout URL, and the Thumbprint of the Azure signing certificate. These values are entered on the Video Platform side in the next step.
- On the Video Platform side, configure the Azure SSO module with the following values:
  - Azure SSO URL: Login URL obtained from the above step.
  - Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  - Azure Signing Certificate Fingerprint: Thumbprint obtained from the above step.
  - Logout URL: Logout URL obtained from the above step.
  - Given Name Attribute: user.givenname
  - Family Name Attribute: user.surname
  - Email Attribute: user.email
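A mistyped Reply URL, a stale certificate thumbprint, or a NameID format the IdP does not issue are the usual reasons an SP-initiated login fails after the steps above. The script below, an added example that is neither YuJa nor Microsoft code, reads IdP metadata, computes the signing certificate thumbprint the same way the Azure portal displays it (SHA-1 over the DER bytes, upper-case hex), and compares the Video Platform-side values against the naming convention used in this document. The metadata, the all-zero tenant id and the certificate body are constructed placeholders, not real Azure output; with a real tenant you would feed in the federation metadata XML Azure publishes for the application.

```python
"""Cross-check of the SAML settings exchanged between Azure AD and the Video
Platform. Added example, not YuJa or Microsoft code. The metadata below is a
constructed stand-in for what Azure publishes; the certificate body is a
placeholder blob, not a real X.509 certificate."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Placeholder DER bytes and tenant id (all zeros): constructed, not real values.
FAKE_CERT_DER = b"PLACEHOLDER-DER-BYTES-NOT-A-REAL-CERTIFICATE"
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_IDP_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>{EMAIL_NAMEID}</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def cert_thumbprint(b64_cert: str) -> str:
    """SHA-1 of the DER certificate bytes as upper-case hex with no separators,
    which is how the Azure portal displays the signing certificate Thumbprint."""
    return hashlib.sha1(base64.b64decode(b64_cert)).hexdigest().upper()


def normalize_fingerprint(value: str) -> str:
    """Accept the thumbprint however an admin pasted it (colons, spaces, lower case)."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


def parse_idp_metadata(xml_text: str) -> dict:
    """Pull the fields the Video Platform needs out of the IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    cert = idp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {
        "sso_url": idp.find("md:SingleSignOnService", NS).get("Location"),
        "slo_url": idp.find("md:SingleLogoutService", NS).get("Location"),
        "name_id_formats": [e.text.strip() for e in idp.findall("md:NameIDFormat", NS)],
        "signing_thumbprint": cert_thumbprint(cert.text.strip()),
    }


def check_sp_settings(settings: dict, idp: dict, organization: str) -> list:
    """Return every mismatch between the Video Platform-side settings and what
    the IdP metadata and the <organization>.yuja.com convention require."""
    base = f"https://{organization}.yuja.com"
    expected = {
        "entity_id": base,
        "reply_url": f"{base}/D/SamlReceiveResponse",
        "azure_sso_url": idp["sso_url"],
        "logout_url": idp["slo_url"],
        "name_id_format": EMAIL_NAMEID,
    }
    problems = [f"{key}: expected {want!r}, got {settings.get(key)!r}"
                for key, want in expected.items() if settings.get(key) != want]
    if EMAIL_NAMEID not in idp["name_id_formats"]:
        problems.append("IdP metadata does not advertise the emailAddress NameID format")
    if normalize_fingerprint(settings.get("signing_cert_fingerprint", "")) != idp["signing_thumbprint"]:
        problems.append("signing_cert_fingerprint does not match the IdP signing certificate")
    return problems


def example_settings(organization: str, idp: dict) -> dict:
    """The values an admin would enter on the Video Platform side for `organization`."""
    return {
        "entity_id": f"https://{organization}.yuja.com",
        "reply_url": f"https://{organization}.yuja.com/D/SamlReceiveResponse",
        "azure_sso_url": idp["sso_url"],
        "logout_url": idp["slo_url"],
        "name_id_format": EMAIL_NAMEID,
        # Deliberately pasted with colons and in lower case; normalize_fingerprint handles it.
        "signing_cert_fingerprint": ":".join(idp["signing_thumbprint"][i:i + 2] for i in range(0, 40, 2)).lower(),
    }


if __name__ == "__main__":
    idp = parse_idp_metadata(SAMPLE_IDP_METADATA)
    good = example_settings("hudson", idp)
    print("good settings:", check_sp_settings(good, idp, "hudson") or "no problems")
    bad = dict(good, reply_url="https://hudson.yuja.com/SamlReceiveResponse")
    print("bad settings:", check_sp_settings(bad, idp, "hudson"))
```

Run the check again whenever the Azure signing certificate is rotated: the thumbprint changes, the Video Platform's Azure Signing Certificate Fingerprint must be updated to match, and a stale value is the failure mode that appears suddenly on an integration that has worked for months.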