
Authentication with Microsoft Azure

A few additional steps will be needed for authentication configurations using Microsoft Azure as the identity provider.  

The items below must be completed in order to include the metadata information in the authentication worksheet.

An Active Directory must be set up within Azure prior to using this option. If the campus has an on-site Active Directory, it can be configured to synchronize with Azure.

For more information on setting up Active Directory in Azure and using Azure Connect to synchronize Active Directories, visit the following page: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect

Adding the Application

Azure provides three options for adding applications:  

  • Azure Gallery Applications
  • Azure Non-Gallery Applications
  • Custom Applications that you are developing

For Campus Labs we can use either the Non-Gallery or Custom Application options.

NOTE:  Azure Premium is required to use this option!!

When a campus needs to send an attribute that is not the eppn attribute to Campus Labs, this option provides the most flexibility.

  1. Click Azure Active Directory and then select the Enterprise Applications tab for the Azure AD directory being configured.
  2. Click the New Application button.
  3. Select the Non-Gallery Application option
  4. Input Campus Labs for the name, and click the forward button. 
  5. Change the Entity ID to https://federation.campuslabs.com/shibboleth
  6. Change the Reply URL (Assertion Consumer Service URL) to https://federation.campuslabs.com/Shibboleth.sso/SAML2/POST 
  7. Under the User Attributes section, additional supported attributes can be added.
  8. Click Save
  9. Click the Copy icon next to App Federation Metadata URL and include this link in the Authentication Integration Worksheet
  10. Complete and return the Authentication Integration Worksheet

Custom Application that you are developing

When a campus only needs to send the eppn attribute to Campus Labs, this is the easiest option for configuration.

  1. Click Azure Active Directory and then select the Enterprise Applications tab for the Azure AD directory being configured.
  2. Click the New Application button.
  3. Select the option to Add an application my organization is developing
  4. Input Campus Labs for the name, and click the forward button. 
  5. The sign-on URL should be https://federation.campuslabs.com/Shibboleth.sso/SAML2/POST
  6. The App ID URI should be https://federation.campuslabs.com/shibboleth
  7. Click Save
  8. Click App Registrations and then click the View endpoints button on the lower bar
  9. Make a note of the top entry in the list, which should be “FEDERATION METADATA DOCUMENT”
  10. Copy this value and include this link in the Authentication Integration Worksheet
  11. Complete and return the Authentication Integration Worksheet
