How to Configure Azure AD SAML with UniversitySite

If you are considering switching to this SSO solution instead of the out of the box UniversitySite SSO, please contact Lawren Finley to find out if it's included with your subscription.

You can test your configuration without interrupting the existing login experience for your production users by following these instructions
https://docs.universitysite.com/article/579-how-to-test-saml-configuration-without-interrupting-production

If you are using the legacy GUI for Azure AD refer to this document instead How to setup UniversitySite SSO with Azure AD SAML - Legacy Gui - UniversitySite

First, you must go to the Login Settings page in UniversitySite. (Make sure you are in InstructorSite. If not, click on the left-most dropdown list at the top of the page and click on “InstructorSite”). Your page in UniversitySite should look like this now.
Now, you will drop down the menu under your name at the top right-most drop-down and click on “Global Settings”.
Now you will see the “Global Settings” page, scroll to the bottom of this page and click on “Login Settings”.
You should now see a page that looks like this. Select “Use Azure AD” and then click on “SAML Setup for Production Environment”.
Scroll down on this page until you can see these settings. You will copy and paste them into your Azure Active Directory settings in the following steps.
Now on your Azure Portal server, click on Azure Active Directory. Then, click on Enterprise applications. Now you will see a list of all your Enterprise Applications, click on New application to add UniversitySite.
On the following panel, first, click on Create your own application. Next, type in "UniversitySite” for the “name of your app”. Make sure “Integrate with other (non-gallery) app is chosen. Finally, click the “Create” button at the bottom of that panel (not shown).
Now, let’s click on Get started in “2. Single sign-on” so we can configure those settings for UniversitySite.
On this page, click on SAML from the “Select a single sign-on method” page
Click on Edit in the “Basic SAML configuration box
On the Edit panel shown below
1. copy the UniversitySite’s Identifier from your UniversitySite browser window and paste it into the Identifier (Entity ID) field.
2. copy the UniversitySite SSO URL from your UniversitySite browser window and paste it into the Reply URL (Assertion Consumer Service URL) field.
3. copy the UniversitySite SLO URL from your UniversitySite browser window and paste it into the Logout URL field.
4. Finally, click the Save button at the top left.
Now, scroll down even further on the page you are viewing until you see the SAML signing certificatebox. Click on the Edit button
Select Sign SAML response and assertion in the “Signing Option” drop-down list. Then click Save.
Now that our UniversitySite settings are saved in Azure Active Directory, we need to setup UniversitySite to talk to your new Azure Active Directory Enterprise app. Scroll down to the bottom of the same panel until you see something like this and then click on “4. Setup UniversitySite”. Click on “View step-by-step instructions”.
On this panel, scroll down until you see these URLs:
1. copy the SAML Entity ID to your UniversitySite browser window and paste it into the Provider’s URL field.
2. copy the SAML Single Sign-on Service URL to your UniversitySite browser window and paste it into the Provider’s SSO URL field.
3. copy the Sign-Out URL to your UniversitySite browser window and paste it into the Provider’s SLO URL field

Click on the SAML Signing Certificate – Base64 encoded link to download the Azure Active Directory signing certificate to your local computer. Now, open that certificate file you just downloaded with your favorite text editor (notepad). Finally, copy everything in that file to your UniversitySite browser window and paste it into the Provider’s Cert field.Save all the settings changes you made in UniversitySite.
Finally, you will need to add users and/or groups to your Azure Active Directory settings for UniversitySite in your Azure portal.