Azure AD Configuration (SHA-256)
This article provides information on how to configure your Azure Active Directory instance for use with Education Perfect's Single Sign-On (SSO) system.
Setup in Azure
- Visit the Azure portal
- Click Azure Active Directory under Azure Services
- Click Enterprise Applications
- Click New Application
Due to changes in the website, you may need to click to enable the legacy App search to find this page.
- Click Non-gallery application
- Put Education Perfect in the name field and click Add.
- Click 2. Set up single sign on -> Get Started
- Click SAML
- Edit the second box User Attributes and Claims. Click to Edit Unique User Identifier (Name ID)
- Click Choose name identifier format and ensure it is set to Email address in the drop down.
- Source Attribute should be user.mail
- Go to the Users and Groups menu and add the users, groups and/or roles that will be logging into Education Perfect by SSO.
We recommend adding all users.
- Click the icon next to the App Federation MetaData Url and send this link to us at email@example.com, along with the details for a test account that is included in the Users and Groups listed above.
With this information, we will set things up on our side and should get back to you within a week with the information required for the next steps.
Once you have received a reply from us, go back into the application and make the following changes:
- Edit the first box Basic SAML Configuration
Fill in the first two fields:
- Identifier (Entity ID): Issuer as provided by us (please note that this value is unable to be supplied until we have loaded your metadata from step 12)
- Reply URL (Assertion Consumer Service URL): https://iam.educationperfect.com/samlv2/acs
- Save and exit.
- Click the following error if it shows up:
- Email us and let us know that this step has been completed. Once we have received confirmation, we will commence testing.
Match existing users to their accounts
If your students have already been using Education Perfect without an Azure integration, their EP accounts will need to be linked to the unique identifier Azure uses to confirm their identity. The above user claims settings will make this their email address, but we use the test accounts to confirm everything is configured correctly.
We'll match up everyone we can on your behalf. We will then send you a list of anyone we couldn't match. Once you send us the details for those people, we'll update them as well.
Please note that until we have completed this step, users will get an error if they attempt to log into Education Perfect via Azure.