Set up Open eLMS SSO for Azure AD
These instructions demonstrate how SAML-based SSO is enabled by installing the ‘Azure AD SAML Toolkit’ enterprise application and adding your users to it.
Instructions
Follow these step-by-step instructions …
Go to Azure Active Directory/Enterprise Applications/New Application and search for ‘Azure AD SAML Toolkit’ (Microsoft Entra SAML Toolkit).
Select ‘Azure AD SAML Toolkit’, change its name to something else, e.g. ‘Open eLMS SAML SSO’, and click on ‘Create’.
The new application should be selected. Go to the ‘Single sign-on’ section. Select ‘SAML’.
Click ‘Edit’ next to ‘Basic SAML Configuration’. Enter the following information:
Identifier (Entity ID):
https://learning.openelms.com/simplesaml/module.php/saml/sp/metadata.php/CLIENTDOMAIN
Reply URL (Assertion Consumer Service URL):
https://learning.openelms.com/saml/module.php/saml/sp/saml2-acs.php/CLIENTDOMAIN
Sign on URL:
https://learning.openelms.com/CLIENTDOMAIN/saml
Save the settings.
Go to ‘SAML Signing Certificate’. Download the ‘Federation Metadata XML’ file and email it to us. You will not be able to use the SSO until we have received the federation metadata.
Go to ‘Users and groups’ and add the desired set of users/groups to the application.
Once you have the app configured and we have imported the federation metadata, you will be able to test the SSO by going to this URL:
https://learning.openelms.com/CLIENTDOMAIN/saml
Your users can also access Open eLMS through the new application.
(Optional) You may decide to add or change the user attributes which are used by the SSO. By default, the app will give Open eLMS access to email (this is mandatory; SSO will not work without an email), first name, last name and some other details which are not used by Open eLMS. You can control the list of attributes by going to ‘Single Sign On/Attributes & Claims’. For example, you can set up a department, location or job title attribute. Please let us know if you do this and send us the exact claims which are used to retrieve the corresponding attributes. For example, the claim name of the email address attribute is ‘http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress’.
These are instructions for the use of third-party software, so the information may differ from one installation to another depending upon versioning and setup. Please check your local instructions if unsure; we do not support the running and configuration of MS Azure.