Microsoft Azure AD: Enterprise Application setup
This article provides guidance on configuring an Azure enterprise application for ClickView with Microsoft Azure Active Directory.
1. Sign in to the Azure portal at https://portal.azure.com, then go to Azure Active Directory -> Enterprise applications -> +New application:
2. Within ‘Enterprise applications’, select ‘+Create your own application’:
3. Enter the name for the ClickView application, select the option ‘Register an application to integrate with Azure AD (App you're developing)’ and click on the ‘Create’ button:
4. Under the ‘Register an application’ section, select the ‘Single tenant’ option and enter:
Redirect URI: https://saml-in1.clickview.us/Shibboleth.sso/SAML2/POST
5. After you click the ‘Register’ button in step 4, you will be redirected to the main ‘Enterprise Applications’ landing page. Search for the ClickView application that was just registered and select it:
6. Open the ‘Single sign-on’ tab from the left-hand pane options:
7. Navigate to ‘Basic SAML Configuration’ within Single sign-on and enter the following details:
A: Identifier (Entity ID)
B: Reply URL (Assertion Consumer Service URL)
C: Sign on URL
NOTE: The HomePage URL is https://saml-in1.clickview.us followed by '/Shibboleth.sso/' and then your ADM username.
D: Logout URL
8. Once the SAML configuration is completed, we can move on to configuring the User Attributes & Claims:
To add a new claim, click on ‘+ Add a Group Claim’ and choose ‘Security Groups’ then ‘Save’, and proceed to add the following claims using the following standard:
9. SSO Onboarding:
To complete the integration, please provide us with:
- The App Federation Metadata URL retrieved in Step 7 of the ‘Setting up ClickView Online enterprise application in Azure AD’ section,
- A list of all the attribute values. They will allow us to identify the school that a user belongs to,
- A list of all staff and student groups (object-IDs) and corresponding schools. This will allow us to map users to the relevant year group in ClickView,
- Test student and test staff account credentials that have all attributes correctly populated so that we can test the single sign-on integration and confirm claims are exposed.
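
An added example, not part of ClickView's or Microsoft's documentation: a structural check of the SAML assertion from a test sign-on, run before sending the onboarding details in step 9, that confirms the group claim is exposed with object IDs and that the Recipient matches the Redirect URI from step 4. The sample assertion is constructed, `check_assertion` is a hypothetical helper, treating the step 4 URI as the Reply URL is an assumption, and signatures are not verified.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Redirect URI from step 4; assumed here to also be the Reply URL (ACS).
EXPECTED_ACS = "https://saml-in1.clickview.us/Shibboleth.sso/SAML2/POST"
# Claim name Azure AD uses when a group claim is added.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample assertion (not real tenant data); signature omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData
        Recipient="https://saml-in1.clickview.us/Shibboleth.sso/SAML2/POST"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>Year 7 Students</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, expected_acs=EXPECTED_ACS):
    """Return a list of findings; an empty list means the checks passed."""
    # Structural check only: signature and validity window are not evaluated.
    root = ET.fromstring(xml_text)
    findings = []
    recipients = [e.get("Recipient") for e in
                  root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if expected_acs not in recipients:
        findings.append(f"Recipient {recipients} does not match {expected_acs}")
    groups = [v.text or "" for a in root.iterfind(".//saml:Attribute", NS)
              if a.get("Name") == GROUPS_CLAIM
              for v in a.iterfind("saml:AttributeValue", NS)]
    if not groups:
        findings.append("no group claim present")
    for g in groups:
        if not GUID.match(g.strip()):
            findings.append(f"group value is not an object ID: {g!r}")
    return findings

if __name__ == "__main__":
    for finding in check_assertion(SAMPLE) or ["all checks passed"]:
        print(finding)
```

For assertions captured outside a test tenant, parse with a hardened XML library such as defusedxml instead of the standard-library parser.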