Azure is a Microsoft product that provides a federated identity solution to connect users to applications, both within and outside institutions. The Video Platform's flexible SSO Module Provider framework is designed to support a wide variety of identity solutions, enabling full integration of Azure Active Directory into your infrastructure in a few simple steps.
This document guides users through integrating their institution's Azure Active Directory as an SSO system to log users into the Video Platform, the “Service Provider” (SP), using the SAML 2.0 protocol. Once configured properly, users should be able to perform an SP-initiated login on the Video Platform side, be redirected to the Identity Provider (IDP) and prompted for credentials, be successfully authenticated, and then be redirected back to the Video Platform, where they will be signed in as a user.
For some steps, <organization> is to be replaced by the wildcard DNS of the organization associated with the Video Platform. As an example, for “https://hudson.yuja.com”, <organization> would be replaced by “hudson”.
Adding YuJa to Azure Active Directory as an Enterprise Application
The first step is to add the Video Platform to Azure Active Directory as an Enterprise Application.
- Log into your Azure Active Directory Admin account.
- From the left side menu, click on Azure Active Directory, then choose Enterprise Applications.
- Next, click on New Application.
- Choose Non-Gallery Application, then type in the desired name for YuJa.
- YuJa will now show up on the list of Enterprise Applications within Azure.
Integrating Azure Active Directory into the Video Platform
The next step is integrating Azure Active Directory into the Video Platform.
- First, add at least one test user to the YuJa application within Azure. This can be done by clicking Users and Groups under Manage.
- Under Manage, click Single Sign-On, and choose SAML as the integration option.
- From the current page, click on the Pencil icon to edit Basic SAML Configuration as follows:
  - Identifier (Entity ID): https://<organization>.yuja.com
  - Reply URL (Assertion Consumer Service URL): https://<organization>.yuja.com/D/SamlReceiveResponse
- After saving the configuration above, scroll down on the same page. Copy the following information and keep it in a separate file:
  - Login URL
  - Logout URL
  - Please note that the Video Platform only supports Non-Single Logout, i.e. logging out via a URL redirect to a single logout URL without additional parameters.
- Next, log into your Video Platform Administrator account and go to the Admin Panel. Navigate to the Integrations page, then pick SSO - Azure (SAML) from the list. Enter the following information then click Save.
  - Azure SSO URL: Login URL obtained from the above step.
  - Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
  - Azure Signing Certificate Fingerprint: Thumbprint obtained from the above step.
  - Logout URL: Logout URL obtained from the above step.
  - Given Name Attribute: user.givenname
  - Family Name Attribute: user.surname
  - Email Attribute: user.email
- Select Save then click Activate on the top right corner of the page to activate the SSO - Azure (SAML) integration.
- Now, go to your YuJa Video Platform Zone, https://<organization>.yuja.com, and confirm that Single-Sign-On is now a login option.
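The Azure Signing Certificate Fingerprint entered above is what ties the Video Platform to your tenant's signing certificate, so it is worth checking the pasted value against the certificate itself before activating. The following is an added example, not YuJa or Microsoft code: it assumes you have downloaded the signing certificate in Base64 (PEM) form from the same Single Sign-On page and that the Thumbprint is the SHA-1 digest of the DER-encoded certificate; the sample certificate body is constructed placeholder data.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: PEM-shaped armor around placeholder bytes, NOT a real
# certificate, so the example runs offline. Replace with the downloaded file.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(
        b"constructed placeholder bytes, not a real X.509 certificate"
    ).decode()
    + "-----END CERTIFICATE-----\n"
)


def pem_to_der(pem_text: str) -> bytes:
    """Strip the PEM armor and decode the Base64 body to DER bytes."""
    match = re.search(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
        pem_text,
        re.DOTALL,
    )
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def thumbprint(pem_text: str) -> str:
    """SHA-1 over the DER bytes, as uppercase hex without separators
    (assumed to be the form shown as Thumbprint in the Azure portal)."""
    return hashlib.sha1(pem_to_der(pem_text)).hexdigest().upper()


def normalize(value: str) -> str:
    """Drop colons, spaces and invisible characters that copy/paste can add."""
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()


def fingerprint_matches(pem_text: str, pasted_value: str) -> bool:
    """True only if the pasted value is a full 40-hex-digit SHA-1 that matches."""
    pasted = normalize(pasted_value)
    if len(pasted) != 40:  # a truncated paste must never count as a match
        return False
    return hmac.compare_digest(thumbprint(pem_text), pasted)


if __name__ == "__main__":
    print("Thumbprint of sample:", thumbprint(SAMPLE_PEM))
```

A mismatch means the value in the Admin Panel does not correspond to the certificate Azure is signing with; correct it before clicking Activate, and repeat the check whenever the signing certificate is rotated.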