This article provides a step-by-step guide to configuring SSO using Azure AD with your VIDIZMO portal. The configuration consists of the following two sections, each with detailed steps:
Configuration at the Azure AD portal
1. Go to Windows Azure Management Portal:
i. Enter your email address.
ii. Click on Continue.
Note: www.manage.windowsazure.com is the link to Azure's Management Portal.
2. It will look for your account. Once done:
i. Enter your Email Address and Password.
ii. Click on Sign in.
3. You will successfully log into the Windows Azure Management Portal. Click on ALL ITEMS on the left panel.
4. Now scroll down and find ACTIVE DIRECTORY on the left panel. Click on it.
5. You will be redirected to the Active Directory page. Select the Active Directory which you want to configure.
6. Click on APPLICATIONS.
7. Click on ADD at the bottom task bar.
8. A popup window will appear. Select the Add an application my organization is developing option.
9. An Add Application popup will appear:
i. Enter the NAME of your application.
ii. Click on Next.
10. Once you have named your application, add the properties of the application in the next popup window:
i. Enter SIGN-ON URL. The Sign-On URL is where Azure AD sends the response after authentication (either pass or fail) to VIDIZMO.
ii. Enter APP ID URL. The App ID URL is used by Azure AD to verify that the sign-in request comes from the trusted provider (in our case VIDIZMO), which we will configure later in the VIDIZMO portal.
iii. Click on Complete.
Note: Sign-On URL will be http://[your VIDIZMO domain]/Handlers/SignInHandler.ashx. For instance, http://lexcorptrainings.enterprisetube.com/Handlers/SignInHandler.ashx.
App ID URL will be http://[your VIDIZMO domain]. For instance, http://lexcorptrainings.enterprisetube.com.
11. A message will appear stating: Your app has been added!
12. Now click on CONFIGURE.
13. Click on VIEW ENDPOINTS at the bottom task bar.
14. The App Endpoints popup window will open. Click on the Copy icon of SAML-P SIGN-ON ENDPOINT to copy it.
15. Now copy the FEDERATION METADATA DOCUMENT.
16. Open a new tab in the browser and paste the copied value. Copy the entityID parameter value from the first node of the XML.
Configuration at the VIDIZMO portal
1. At the Account/Channel Homepage, go to Admin >> Settings.
2. At the Settings page, click on the Login tab.
3. Click on Enable under the Corporate Login box.
4. Select Windows Azure AD (SAMLP) from the dropdown list.
i. Enter the Login URL which you copied in Step 14 of Configuration at Azure AD Portal.
ii. Enter Sign-In Caption.
iii. Enter Sign-In Caption Tooltip. This is shown on the sign in page of the application.
iv. Click Next (>) icon.
i. Enter the SAMLP Request which is given below.
ii. Click on Next (>) icon to proceed.
<samlp:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="efcebb45-5ee6-42df-ace4-a343f28f5a46"
    Version="2.0"
    IssueInstant="2014-11-06T12:31:09Z"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://[your VIDIZMO domain]</Issuer>
</samlp:AuthnRequest>
Note: Replace [your VIDIZMO domain] with the URL of your Account/Channel.
i. Select Enabled SAMLP Request checkbox.
ii. Select Use Deflate checkbox.
iii. Click on Done.
8. Now click Enable under Trusted Domains box.
9. At Trusted Domains:
i. Enter *.windows.net as your first Trusted Domain. The second Trusted Domain is the entityID parameter copied in Step 15 of Configuration at Azure AD Portal.
ii. Select Allow embedding on above domain(s) only checkbox.
iii. Click on Done.
10. Click on Update to save changes.
11. A message will appear stating: Channel details have been updated successfully. SSO has been successfully set up using Azure Active Directory.
1. At the top menu bar, click on Sign In.
2. You will be redirected to the Sign In page. Click on Corporate Login.
3. You will be redirected to the Azure AD Login page:
i. Enter your email address and password.
ii. Click on Sign In.
4. You will be redirected to the Channel Homepage.
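The following Python sketch is an added example, not part of the original article or VIDIZMO's code. Assuming the Use Deflate option selects the standard SAML HTTP-Redirect encoding (raw DEFLATE, then base64, then URL-encoding), it decodes the SAMLRequest parameter from a captured sign-in redirect and checks that the Issuer equals the App ID URL exactly; idp.example is a constructed stand-in for the SAML-P sign-on endpoint and the function names are hypothetical.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# The SAMLP Request from the VIDIZMO configuration, using the article's sample domain.
APP_ID_URL = "http://lexcorptrainings.enterprisetube.com"
REQUEST = (
    f'<samlp:AuthnRequest xmlns="{SAML}" ID="efcebb45-5ee6-42df-ace4-a343f28f5a46" '
    f'Version="2.0" IssueInstant="2014-11-06T12:31:09Z" xmlns:samlp="{SAMLP}">'
    f'<Issuer xmlns="{SAML}">{APP_ID_URL}</Issuer></samlp:AuthnRequest>'
)

def encode_saml_request(xml_text):
    """Raw DEFLATE (no zlib header), then base64, then URL-encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 selects a raw deflate stream
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return urllib.parse.quote(base64.b64encode(deflated), safe="")

def decode_saml_request(redirect_url):
    """Recover the AuthnRequest XML from a captured sign-in redirect URL."""
    params = urllib.parse.parse_qs(urllib.parse.urlparse(redirect_url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")

def issuer_matches(xml_text, app_id_url):
    """True only for an AuthnRequest whose Issuer text equals the App ID URL exactly."""
    root = ET.fromstring(xml_text)
    issuer = root.find(f"{{{SAML}}}Issuer")
    return (root.tag == f"{{{SAMLP}}}AuthnRequest"
            and issuer is not None
            and issuer.text == app_id_url)  # no trimming: stray whitespace is a mismatch

if __name__ == "__main__":
    # Constructed URL: idp.example stands in for the copied SAML-P sign-on endpoint.
    url = "https://idp.example/saml2?SAMLRequest=" + encode_saml_request(REQUEST)
    xml_text = decode_saml_request(url)
    print(xml_text)
    print("Issuer matches App ID URL:", issuer_matches(xml_text, APP_ID_URL))
```

If the check fails on a request taken from your own portal, compare the Issuer value character by character with the App ID URL entered in Azure AD, including the scheme and any whitespace pasted around the domain.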
How to claim your Azure AD for an Office 365 account which is synced with local AD
By default, this Azure AD is not exposed. Therefore, you need to claim the Office 365 Azure AD. The following URL shows the step-by-step guide to claiming the Azure AD which is used behind the Office 365 account