Articles on: Single Sign-on
This article is also available in:

Single Sign-On (SSO) in collaboration with Microsoft Azure AD

With Pluvo, you can easily set up Single Sign-On (SSO) for your academy. In this article, we explain how to retrieve the data in Microsoft Azure AD.
Once you have this information, you can easily implement Single Sign-On (SSO) in Pluvo. You can find more information about this in this article.


Note: For the following steps, you need to have an administrator account for Microsoft Azure AD and a Company subscription with Pluvo.


Settings in your Azure AD portal


  1. Click on Azure Active Directory


Azure Active Directory


  1. Go to the correct tenant


Correct Tenant


  1. Go to App registrations.


It's also possible to create an enterprise application. Choose 'Register an application to integrate with Azure AD (App you’re developing)' there. The fields are the same as step 4. Then proceed to step 5.


  1. Click on 'New registration' and create a new App with the following details.
    App Name: [Choose a clear name]
    Account types: Single tenant


In the next step, a name must be given to the client-ID. Choose a clear name, for example: 'Webclient Pluvo academy' so you'll remember later what this client-ID is used for.


Then copy the "filled in" parameter from Pluvo to Microsoft Azure AD (You can find this parameter in Administration > Settings under 'SSO & LTI').


For Example:


Authorized redirect URIs: https:// yoursubdomain.pluvo.com/oidc/callback/



In this screen, you can fill in the following fields:


Fields


  1. Now you can register this app. After registration, you'll land on the App overview page.


Here, you'll find the [1] Application client ID and [2] Directory (tenant) ID.


Note: Make sure to copy the client ID and the Directory (tenant) ID, as you'll need these later for the Pluvo SSO settings.


App Overview


Certificates and secrets


Now, let's go to the 'Certificates and Secrets' menu in the newly created app.


  1. Create a new Client Secret and give it a description.
  2. Set the 'Secret' to never expire.
  3. Then copy the value of the newly created [3] Secret.


Note: You'll need this secret later for the Pluvo SSO settings.


Client Secret


API permissions


Navigate to 'API Permissions' and create a new permission by clicking 'Add a permission'.


Select 'Microsoft Graph' and then 'Delegated permissions'. Then check 'email' and 'openid' in the list and add them by clicking the 'Add permission' button.


API Permissions


Done!


You now have all the necessary information to fill in Pluvo. You can find these fields in the academy under Administration > Settings under 'SSO & LTI'.


  1. Client ID
  2. Directory (tenant ID)
  3. Secret


Pluvo SSO Settings


OAuth Client id = ..... [Obtained above]
OAuth Client secret = ....... [Obtained above]


The following fields are always identical for Microsoft Azure. However, fill in the tenant-ID obtained in the above steps in the designated place.


Authorization endpoint: https://login.microsoftonline.com/[Tenant ID]/oauth2/v2.0/authorize
Token endpoint: https://login.microsoftonline.com/[Tenant ID]/oauth2/v2.0/token
User endpoint: https://graph.microsoft.com/oidc/userinfo
Scope = openid email
Oidc sign algo = RS256
Oidc op jwks endpoint: https://login.microsoftonline.com/[Tenant ID]/discovery/v2.0/keys


Simply fill in the required fields, click "Save," and switch the slider to "Active."


Afterward, your users can seamlessly log in via SSO!


Test SSO link


Note: When testing the link as an ADMIN, check that your email address is filled in your profile. If not, you cannot log in. Pluvo requires an email address to function.


https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers


Test SSO Link

Updated on: 02/07/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!