Creating the App
1. Log in to your Microsoft Azure Management Portal: https://portal.azure.com
2. Please ensure that you select the correct directory you wish to integrate. It is possible to have multiple directories in a single Azure tenant.
3. Open the Azure Active Directory node from the left navigation menu.
If the Azure Active Directory node is not listed in the left navigation menu, please click the All Services node.
Then search for Azure Active Directory, and open the node from the search results.
4. Select App Registrations from the menu to the left of the window.
5. Click the + New registration button located at the top of the right panel.
6. In the following window, enter the name of the application 'ClickView Online':
7. Select 'Accounts in this organizational directory only'
8. Insert the ClickView endpoint: https://saml-in4.clickview.com.au/Shibboleth.sso/SAML2/POST
9. And click 'Register'. Your SSO Application is now created and will be available under the Azure App registrations menu. From here you will be required to make some modification to your application properties.
Configuring App Settings
10. To begin, select your application from the App registrations page - it is likely that you already have it open and may see something like this:
11. In the left menu, click the Branding node.
12. Set the Home page URL field to https://saml-in4.clickview.com.au/Shibboleth.sso/ and then your ADM username.
If you do not know your ADM username, please contact ClickView Customer Support and they can provide this information to you.
You can also set the app logo, which can be obtained from here or here if desired - your choice.
After you have made your changes, click the Save button.
13. In the left menu, click the Authentication node.
14. Under Redirect URLs enter as a Web Redirect:
Ensure the ClickView Post Endpoint is present https://saml-in4.clickview.com.au/Shibboleth.sso/SAML2/POST
Delete any other Redirect URLs
15. For the Logout URL: insert: https://login.windows.net/common/oauth2/logout
16. Under Advanced settings: Logout URL enter:
Then click Save
17. Ensure that 'Access tokens' is checked and then select 'Save' at the top bar.
18. In the left menu, click the Expose an API node.
19. Click the + Add a scope button.
20. Change the Application ID URL to:
Then click Save and continue
21. Create a Scope name, Admin consent display name and Admin consent description that makes sense to you and your environment.
Editing App Manifest
At this point, you will need to make some minor modifications to the application manifest.
22. The application manifest file can be found by clicking the Manifest node in the left menu
This will open the Manifest Editor in the right panel.
23. Ensure the following JSON values are configured correctly:
- Remove any values in “appRoles”
- Set “groupMembershipClaims” to “All”
- Check signInURL, identifierURLs, logoutURL and replyURLs are set correctly based on the previous config settings.
Please note that replyURLs are Redirect URLs
- Save the manifest file.
24. Please return to the Victorian Primary SSO Onboarding Form and complete all the other information, you will require:
a). Your Azure AD Federation Metadata URL
This can be obtained by going to the Overview node in the left menu and clicking the Endpoints tab at the top of the right panel.
The Federation metadata document is the correct endpoint.
We can obtain the entity ID from the metadata.
Please paste the URL into your browser and right click, press “Save As” and rename the file to include your school name and attach the file to the Victorian Primary SSO Onboarding Form.
b). A list of all e-mail domains in use at your institution by staff and students.
c). A Valid test username and password to perform verification testing. Preferably for both a staff and student account.
d). Group object IDs associated with your year groups. eg. K-12/13 and Staff etc.
Note: Azure does not provide group names in human-readable text.
You will need to obtain the object IDs by navigating to the Groups node in Azure Active Directory
25. From there, select the groups you intend to send to ClickView.
The following images indicates where these object IDs can be located in the group properties:
These are the Group Mappings you will need for the Victorian Primary SSO Onboarding Form. Please refer back to the Onboarding Form and complete the remaining fields and click Submit.