How to Set Up UniversitySite for Azure / Microsoft Entra ID SAML
- First you must go to the “Login Settings” page in UniversitySite. (Make sure you are in InstructorSite. If not, click on the left-most dropdown list at the top of the page and click on “InstructorSite”). Your page in UniversitySite should look like this now.
- Now, open the dropdown menu under your name at the top right of the page and click on Global Settings.
- You will now see the “Global Settings” page. Scroll to the bottom of this page and click on “Login Settings”.
- You should now see a page that looks like this. Select “Use Azure AD SSO” and then click on “SAML Setup for Production Environment”.
- Scroll down on this page until you can see these settings. You will copy and paste them into your Azure/Microsoft Entra ID settings in the following steps.
- Now, in your Azure portal, click on “Microsoft Entra ID”. Then, click on “Enterprise applications”. You will see a list of all your Enterprise Applications. Click on “New application” to add UniversitySite.
- On the following panel, first, click on Create your own application. Next, type in “UniversitySite” for the “name of your app”. Make sure Integrate any other application you don’t find in the gallery (Non-gallery) is chosen. Finally, click the Create button at the bottom of that panel (not shown).
- Now, let’s click on Get started in “2. Set up single sign on” so we can configure those settings for UniversitySite.
- On the “Select a single sign-on method” page, click on SAML.
- Click on Edit in the “Basic SAML configuration” box.
- On the edit panel shown below:
- Copy the “UniversitySite’s Identifier” from your UniversitySite browser window and paste it into the “Identifier (Entity ID)” field.
- Copy the “UniversitySite SSO URL” from your UniversitySite browser window and paste it into the “Reply URL (Assertion Consumer Service URL)” field.
- Copy the “UniversitySite SLO URL” from your UniversitySite browser window and paste it into the “Logout Url” field.
- Finally, click on the “Save” button at the top left.
- Now, scroll down even further on the page you are viewing until you see the “SAML Certificates” box. Click on the top Edit button.
- Select Sign SAML response and assertion in the “Signing Option” dropdown list. Then click Save.
- Now that our UniversitySite settings are saved in Azure/Microsoft Entra ID, we need to set up UniversitySite to talk to your new Azure/Microsoft Entra ID Enterprise app. Scroll down the page until you see something like this.
- On this panel, scroll down until you see these URLs (please note that the values shown above are NOT in the same order as they are on the UniversitySite page):
a. Copy the “Microsoft Entra Identifier” to your UniversitySite browser window and paste it into the “Provider’s URL” field.
b. Copy the “Login URL” to your UniversitySite browser window and paste it into the “Provider’s SSO URL” field.
c. Copy the “Logout URL” to your UniversitySite browser window and paste it into the “Provider’s SLO URL” field.
- Now, scroll back up to find this again and click on the Download link to download the Azure/Microsoft Entra ID signing “Certificate (Base64)” to your local computer. Next, open the certificate file you just downloaded with your favorite text editor (for example, Notepad). Finally, copy everything in that file to your UniversitySite browser window and paste it into the “Provider’s Cert” field.
- Save all the settings changes you made in UniversitySite.
- Finally, you will need to add Users and/or groups to your Azure/Microsoft Entra ID settings for UniversitySite in your Azure portal.
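
After a test sign-in, the values copied in the steps above appear inside the SAML response that Entra ID posts to UniversitySite. The following is an added example, not part of the original guide or of UniversitySite's code: it checks a base64 `SAMLResponse` value captured from your own test sign-in against the Identifier, SSO URL and Microsoft Entra Identifier, and confirms the "Sign SAML response and assertion" option took effect. All URLs and the sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET  # stdlib parser: only feed it responses you captured yourself

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Placeholder values (assumptions); substitute what your own pages show.
ENTITY_ID = "https://sp.example.test/saml/metadata"      # UniversitySite's Identifier
ACS_URL = "https://sp.example.test/saml/acs"             # UniversitySite SSO URL
IDP_ID = "https://idp.example.test/tenant-placeholder/"  # Microsoft Entra Identifier

def check_response(b64_response, entity_id, acs_url, idp_identifier):
    """List mismatches between a captured SAMLResponse and the values copied
    during setup. Structural only: signatures are NOT cryptographically verified."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination is not the UniversitySite SSO URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion in the response"]
    if (assertion.findtext("a:Issuer", "", NS) or "").strip() != idp_identifier:
        problems.append("Issuer is not the Microsoft Entra Identifier")
    audiences = [(e.text or "").strip() for e in assertion.iterfind(".//a:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience is not UniversitySite's Identifier")
    # "Sign SAML response and assertion" means a Signature on both elements.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response element is unsigned")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion element is unsigned")
    return problems

def constructed_sample(sign_assertion=True):
    """Constructed sample with empty Signature stubs; not a real Entra response."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    xml = ('<p:Response xmlns:p="%s" xmlns:a="%s" Destination="%s">%s'
           '<a:Assertion><a:Issuer>%s</a:Issuer>%s'
           '<a:Conditions><a:AudienceRestriction><a:Audience>%s</a:Audience>'
           '</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>'
           % (NS["p"], NS["a"], ACS_URL, sig, IDP_ID,
              sig if sign_assertion else "", ENTITY_ID))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for label, sample in (("both signed", constructed_sample()),
                          ("assertion unsigned", constructed_sample(False))):
        print(label, check_response(sample, ENTITY_ID, ACS_URL, IDP_ID))
```

An empty result means the response structure matches the configuration; the cryptographic check of the signatures against the “Provider’s Cert” is still done by UniversitySite itself.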