Azure Active Directory Configuration
This article provides information on how to configure your Azure Active Directory instance for use with Education Perfect's Single Sign-On (SSO) system.
Please note: we currently only support integration with the Premium P1 and P2 Tiers.
The SSO setup process
Setup in Azure
- Visit the Azure portal
- Click on Azure Active Directory under Azure Services
- Click Enterprise Applications
- Click New Application
- Click Non-gallery application
- Put 'Education Perfect' in the name field and click Add.
- Click 2. Set up single sign on
- Click SAML
- Edit the first box Basic SAML Configuration by clicking on the edit icon.
- Fill in the first two fields:
a. Identifier (Entity ID): https://sso.educationperfect.com
b. Reply URL (Assertion Consumer Service URL): https://sso.educationperfect.com/sso/saml2
- Save and exit.
- Edit the second box User Attributes and Claims. Click to Edit Unique User Identifier (Name ID)
- Click Choose name identifier format and ensure it is set to Persistent in the drop-down.
- Source Attribute should be user.userprincipalname.
- Save and exit
- Edit the third box SAML Signing Certificate, ensure that Signing Algorithm is set to SHA-1.
- Click Download next to Federated Metadata XML from the SAML Signing Certificate box. You will need to send this file to us so we can configure the integration on our side.
- Go to the Users and Groups menu and add the users, groups and/or roles that will be logging into Education Perfect by SSO.
- Please send the following to firstname.lastname@example.org so we can complete the setup:
- The Federated Metadata XML file you downloaded.
- Azure credentials (username and password) for a test student and test teacher account so that we can check the integration is working. Please ensure that these credentials match the conventions in place for your other users; this includes roles and group membership as applicable in your system.
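One way to check the settings above before sending anything: the added example below (not Education Perfect's code) compares a decoded SAML response from a test sign-in against the Identifier, Reply URL, name identifier format and signing algorithm chosen in these steps. The names `check_response`, `EXPECTED` and `SAMPLE` are hypothetical, the sample response is constructed, and the script only reads the declared values; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Values taken from the setup steps on this page (URNs are the standard SAML/XML-DSig names).
EXPECTED = {
    "audience": "https://sso.educationperfect.com",
    "recipient": "https://sso.educationperfect.com/sso/saml2",
    "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "signature_method": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
}
# Constructed sample: a decoded response with a placeholder user, signature value omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
     >student@school.example</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData
     Recipient="https://sso.educationperfect.com/sso/saml2"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://sso.educationperfect.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text):
    """Return mismatches between a decoded SAML response and EXPECTED."""
    root = ET.fromstring(xml_text)
    def get(path, attr=None):
        el = root.find(path, NS)
        if el is None:
            return None
        return el.get(attr) if attr else (el.text or "").strip()
    found = {
        "audience": get(".//saml:Audience"),
        "recipient": get(".//saml:SubjectConfirmationData", "Recipient"),
        "nameid_format": get(".//saml:Subject/saml:NameID", "Format"),
        "signature_method": get(".//ds:SignatureMethod", "Algorithm"),
    }
    return [f"{k}: expected {v!r}, found {found[k]!r}"
            for k, v in EXPECTED.items() if found[k] != v]

if __name__ == "__main__":
    print(check_response(SAMPLE) or "response matches the configured values")
```

An empty list means the response carries the values configured above; each entry otherwise names the setting to revisit in the Azure portal.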
Match existing users to their Azure accounts
If your students have already been using Education Perfect without an Azure integration, their EP accounts will need to be linked to the unique identifier Azure uses to confirm their identity. The above user claims settings will make this their email address, but we use the test accounts to confirm everything is configured correctly.
If we already have the unique identifier associated with teachers' and students' accounts, for example because it's their email addresses, we'll match up everyone we can on your behalf. We will then send you a list of anyone we couldn't match. Once you send us the details for those people, we'll update them as well.
Please note that until we have completed this step, users will get an error if they attempt to log into Education Perfect via Azure.