In this document you will find instructions on how to configure and setup Single Sign-on (SAML) integration with Microsoft Azure
In this document, you will find instructions on how to configure and setup Single Sign-on (SAML) integrations with Microsoft Azure
Microsoft Azure Logging In
Visit the Azure Active Directory https://azure.microsoft.com/en-us/services/active-directory/ and Login using your Microsoft account.
After signing in you’ll be at the Azure dashboard.
Find the Application
Next, you’ll need to find the Curricula SAML application in the Active Directory. Once logged
into the dashboard click on Azure Active Directory in the left menu.
Next, you’ll need to click on the Enterprise applications button.
On the next page you’ll want to click All applications. On that page you will see a search box where you can search for Curricula SAML
Once you find the Curricula SAML application, select it from the list.
Configure the Sign-on URL
Next, we need to sign-in to Curricula and create a new Group (which will allow us to enable Single Sign-on for that particular group of users). Visit https://mycurricula.com/login, and login. Then, navigate to the Settings --> Learners --> then scroll down to the Group section and click on the purple 'Create Group' button:
Give your Group a unique name and description and then click 'Create'.
After creating this new group, you will now have access to some more information about that group by selecting 'Edit' on that Group. Click on the 'Access' tab and then from the Authentication Type dropdown select SAML Single Sign-on and click Update.
After you click on Update, you’ll see a few new fields displayed below. One of them is Service Provider Sign In URL.
Copy that URL and let's jump back over to the Azure Directory.
Back in the Azure Directory, we need to configure single sign-on for the Curricula application. Click on the Single sign-on button in the left hand menu. Then click the edit button in the Basic SAML Configuration block.
On the Basic SAML Configuration section, enter the URL that you copied from the Curricula Group page into the following fields:
After updating those fields click on the Save button.
Finally, we need to add the Microsoft Azure Sign-on URL to our Group page. Back at the Single Sign-on page, click on the properties option on the side, and copy the User access URL.
Then, jump back over to Curricula and add that URL in the Identity Provider Single Sign-on URL field:
Adding the Certificate
Finally, in order for our application to talk to the Identity Service Provider we need to add a unique certificate to our user group. (you can think of this kind of like a password. In order for Curricula to talk to Microsoft Azure the password or certificate needs to be verified)
Let’s not overcomplicate things, it’s a simple copy & paste and that’s all you’ll need to do with the certificate
Head back over to the Curricula SAML application in Azure Active Directory and in step 3 (SAML Signing Certificate) you will need to download the Certificate (Base64) file. Click on the Download link next to this label.
After downloading that file you will need to open it up in a Plain Text editor. You can right click on the downloaded file and use the OPEN WITH feature and select a program like Word, Notepad, C++ editor, etc. You will see the contents of that file look similar to this:
-----BEGIN CERTIFICATE-----
REALLYLONGSTRING-THATDOESNTMAKESENSE THISISTHESCERTIFICATEORPASSWORDYOUWIL LNEEDTOCOPYANDPASTEINTOCURRICULA
-----END CERTIFICATE-----
So, make sure to copy the contents of that whole string including BEGIN CERTIFICATE and END CERTIFICATE then jump back over to Curricula and paste that into the Identity Provider X.509 Certificate field, Make sure you do not have any extra blank lines after ----END CERTIFICATE---- Then click Update:
(Note: after clicking update the field will probably go blank again, don’t worry it saved the Certificate string, it’s just not displaying it for security purposes)
Next, we can move on to testing our Single Sign-on functionality.
Testing Single Sign-on
Go back to the Curricula SAML application in Microsoft where you can scroll to the bottom and click on the blue Test button. *Make sure you are testing with a Learner account that is listed in the GROUP you are setting up with SAML.
Once this is successful, users in your group will now have access to Curricula via SAML!