Azure AD Configuration (SHA-256)

This article provides information on how to configure your Azure Active Directory instance for use with Education Perfect's Single Sign-On (SSO) system.

Setup in Azure

Please note that you will require the Global Administrator role to complete this setup.

  1. Visit the Azure portal
  2. Click Azure Active Directory under Azure Services
  3. Click Enterprise Applications
  4. Click New Application
    Due to changes in the website, you may need to click to enable the legacy App search to find this page
  5. Click Non-gallery application
  6. Put Education Perfect in the name field and click Add.
  7. Click 2. Set up single sign on -> Get Started
  8. Click SAML
  9. Click the icon next to the App Federation Metadata Url and send this link to us at support@educationperfect.com along with the details for a test account.
    With this information we will set things up on our side and should get back to you within a week with the information required for the next steps.

Secondary steps

Once you have received a reply from us, go back into the application where you were before and make the following changes:

  1. Edit the first box Basic SAML Configuration

    Fill in the first two fields:

    1. Identifier (Entity ID): Issuer as provided by us (please note that we cannot supply this value until we have loaded your metadata!)
    2. Reply URL (Assertion Consumer Service URL): https://iam.educationperfect.com/samlv2/acs
  2. Edit the second box User Attributes and Claims. Click to edit Unique User Identifier (Name ID).
    1. Click Choose name identifier format and ensure it is set to Email address in the drop down.
    2. Source Attribute should be user.mail
  3. Save and exit. Please note that attempting to test the integration at this time will not work.
  4. Click the following error if it shows up:
  5. Allow user access to the newly created SAML Application:
    Click Properties on the left hand side bar
    Set Assignment required to No

  6. Alternatively, if you wish to have finer-grained control over who can access this application, you can define access by groups rather than by all as shown above.
    Go to the Users and Groups menu and add the users, groups and/or roles that will be logging into Education Perfect by SSO.
    We recommend adding all users, such as your All Staff group, All Student groups and any test accounts!
    Please note that any users who do not have access will be met with an AADSTS50105 error from Microsoft when attempting to log into Education Perfect.

  7. Email us and let us know that this step has been completed. Once we have received confirmation, we will finalize the connection and commence testing.
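
The check below is an added example, not Education Perfect's or Microsoft's code: it decodes a SAMLResponse captured from a test sign-in and compares it with the Reply URL, Entity ID and Name ID settings from the steps above. The Entity ID is a placeholder, the sample response is constructed, and the RSA-SHA256 check assumes the SHA-256 in this article's title refers to the signing algorithm.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://iam.educationperfect.com/samlv2/acs"  # Reply URL from this article
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def check_saml_response(b64_response, entity_id):
    """List mismatches with the settings above (reads values; verifies no signature)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination differs from the Reply URL")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience differs from the Identifier (Entity ID)")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("assertion has no NameID")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not Email address")
        if "@" not in (name_id.text or ""):
            problems.append("NameID is not an email (is user.mail empty?)")
    algs = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    if not algs:
        problems.append("no signature present")
    elif any(a != RSA_SHA256 for a in algs):
        problems.append("signature algorithm is not RSA-SHA256")
    return problems

def sample_response(dest=ACS_URL, fmt=EMAIL_FORMAT, name="test.student@school.example",
                    aud="urn:example:placeholder-entity-id", alg=RSA_SHA256):
    """Constructed sample shaped like an IdP response (the signature is a stub)."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'xmlns:ds="{NS["ds"]}" Destination="{dest}"><saml:Assertion>'
           f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
           f'</ds:SignedInfo></ds:Signature><saml:Subject>'
           f'<saml:NameID Format="{fmt}">{name}</saml:NameID></saml:Subject>'
           f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}'
           f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(sample_response(), "urn:example:placeholder-entity-id"))
```

An empty list means the captured response matches the configured values; run it only on responses from your own test account, since the decoded XML contains that user's identifier.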

Match existing users to their accounts

If your students have already been using Education Perfect without an Azure integration, their EP accounts will need to be linked to the unique identifier Azure uses to confirm their identity. The above user claims settings will make this their email address, but we use the test accounts to confirm everything is configured correctly.
We'll match up everyone we can on your behalf. We will then send you a list of anyone we couldn't match. Once you send us the details for those people, we'll update them as well.

Please note that until we have completed this step users will get an error if they attempt to log into Education Perfect via Azure.
