Azure AD SSO

1. Sign in to Azure portal via https://portal.azure.com -> Azure Active Directory -> Enterprise applications -> +New application:

2. Within the ‘Enterprise applications’ select ‘+Create your own application’:

3. Enter the name for ClickView application, and select the option of ‘Integrate any other application you don't find in the gallery (Non-gallery)’ and click on the ‘Create’ button:

Within 'Single sign-on' option on the left-hand-side pane, click on 'SAML' tile on the right-hand-side:

4. In step 1 : Basic SAML Configuration - Enter the 'Reply URL (Assertion Consumer Service URL)' and 'Identifier (Entity ID)' as follows:

A:Identifier (Entity ID)

AU: https://saml-in5.clickview.com.au/shibboleth

UK: https://saml-in2.clickview.co.uk/shibboleth

NZ: https://shibboleth.clickview.co.nz/shibboleth

US: https://saml-in1.clickview.us/shibboleth

B: Reply URL (Assertion Consumer Service URL)

AU: https://saml-in5.clickview.com.au/Shibboleth.sso/SAML2/POST

UK: https://saml-in2.clickview.co.uk/Shibboleth.sso/SAML2/POST

NZ: https://shibboleth.clickview.co.nz/Shibboleth.sso/SAML2/POST   

US: https://saml-in1.clickview.us/Shibboleth.sso/SAML2/POST

C: Sign on URL

Leave blank as it is optional, this will be provided once the onboarding process is completed.

Sign on URL will be used to authenticate to ClickView directly.

D: Logout URL (Default across all regions)

https://login.windows.net/common/oauth2/logout

Upon completion, the field will look like as depicted in the example below:

5. Moving on to the 'User Attributes & Claims' section:

The standard four attributes will be displayed by default:

A: givenname

B: surname

C: emailaddress

D: name

An attribute to identify the level of access of users, i.e. staff and the year level of students, we need to add a Group Claim, click on '+ Add a group claim', select 'Groups assigned to the application'. In 'Source attribute' section, select 'Group ID' then 'Save':

6.  Assign groups

Security groups of students and staff members can be assigned from the 'Overview' page of the ClickView Enterprise application: https://portal.azure.com/ -> Home -> Enterprise Applications -> ClickView -> Assign users and groups

Once in the 'Users and Groups' section, add the desired group via the '+Add user/group' button to the ClickView application:

7. SSO Onboarding

This is the final step of the setup process, for the completion of this setup, please provide us with:

A.App Federation Metadata URL which can be retrieved as follows:

Single sign-on -> SAML Signing Certificate -> App Federation Metadata Url

B. A list of all staff and student Security groups. This will allow us to map users to relevant year group in ClickView. This can be found in: Home -> Groups -> All Groups -> Search for relevant groups

Below is an example shown for staff group and its corresponding 'objectId':

C. Synchronising Security Groups from your Active Directory (Azure Active Directory Connect)

In case that you would like to use the security group from your local AD instead, Azure AD Connect can be used to synchronize these values, as described in the official Microsoft knowledge-based article: Azure AD Connect sync.

D. Adding Group Claims in Azure AD

For synchronizing group claims and avoiding the use of 'ObjectIDs' as described in 6B, group claims can be configured in Azure as per the steps in Add group claims to tokens for SAML applications using SSO configuration.

E.Test student and test staff account credentials that have all attributes (including group membership) correctly populated so that we can test the single sign-on integration and confirm claims are exposed.

8.  Submitting your information

To start a new onboarding please click on the flag of your region below, otherwise please continue with the form if you are already in the process of completing according to your region: