Single Sign-On (SSO) with Microsoft Azure AD
With Pluvo, you can easily set up Single Sign-On (SSO) for your academy. In this article, we explain how to obtain the required values from Microsoft Azure AD.
Once you have this information, you can implement Single Sign-On (SSO) in Pluvo. You can find more information about that step in this article.
Settings in your Azure AD portal
- Click on Azure Active Directory.
- Go to the correct tenant.
- Go to App registrations.
- Click on 'New registration' and create a new app with the following details:
App name: [choose a clear name]
Account types: Single tenant
In the next step, the app (and thus its client ID) must be given a name. Choose a clear name, for example 'Webclient Pluvo academy', so you'll remember later what this client ID is used for.
Then copy the pre-filled redirect URI from Pluvo into the Redirect URI field in Microsoft Azure AD (you can find this value in Administration > Settings under 'SSO & LTI').
For example:
Authorized redirect URIs: https://yoursubdomain.pluvo.com/oidc/callback/
These are the fields you fill in on this screen.
- Now you can register this app. After registration, you'll land on the app overview page.
Here, you'll find the [1] Application (client) ID and [2] Directory (tenant) ID.
Certificates and secrets
Now, let's go to the 'Certificates and Secrets' menu in the newly created app.
- Create a new client secret and give it a description.
- Set the secret's expiry to the longest period the portal offers (the portal no longer allows 'never'; the maximum is 24 months). Note the expiry date, because an expired secret stops all SSO logins until a new one is entered in Pluvo.
- Then copy the value (not the Secret ID) of the newly created [3] secret right away; it is shown only once, directly after creation.
API permissions
Navigate to 'API Permissions' and create a new permission by clicking 'Add a permission'.
Select 'Microsoft Graph' and then 'Delegated permissions'. Then check 'email' and 'openid' in the list and add them by clicking the 'Add permission' button.
Done!
You now have all the necessary information to fill in Pluvo. You can find these fields in the academy under Administration > Settings under 'SSO & LTI'.
- Application (client) ID
- Directory (tenant) ID
- Client secret
Pluvo SSO Settings
OAuth Client ID = [client ID obtained above]
OAuth Client secret = [secret value obtained above]
The following fields are always the same for Microsoft Azure; only the [Tenant ID] part changes. Replace it with the Directory (tenant) ID obtained in the steps above.
Authorization endpoint: https://login.microsoftonline.com/[Tenant ID]/oauth2/v2.0/authorize
Token endpoint: https://login.microsoftonline.com/[Tenant ID]/oauth2/v2.0/token
User endpoint: https://graph.microsoft.com/oidc/userinfo
Scope = openid email
OIDC sign algo = RS256
OIDC OP JWKS endpoint: https://login.microsoftonline.com/[Tenant ID]/discovery/v2.0/keys
Simply fill in the required fields, click "Save," and switch the slider to "Active."
Afterward, your users can seamlessly log in via SSO!
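The settings above are a standard OpenID Connect configuration. The following script is an added example, not Pluvo's or Microsoft's own code: it derives the field values from a tenant ID exactly as the article lists them, lints them for the mistakes that most often break or weaken an SSO setup (a placeholder or 'common' tenant left in an endpoint, a non-https or wrong redirect URI, a missing scope, a signing algorithm other than RS256), and shows the authorization request and callback checks (state, nonce, PKCE, exact redirect URI match) that a relying party such as Pluvo performs behind the "Active" slider. The tenant ID, client ID and subdomain are placeholders; the function names are this example's own.

```python
"""Build and sanity-check Pluvo-side OIDC settings for an Azure AD tenant.

Added example (not Pluvo's or Microsoft's code). It uses only the values
shown in the article: tenant ID, client ID, academy subdomain and the fixed
Azure endpoints. All concrete IDs below are placeholders.
"""
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AZURE_LOGIN = "https://login.microsoftonline.com"


def build_settings(tenant_id: str, client_id: str, subdomain: str) -> dict:
    """Return the field values the article lists, derived from the tenant ID."""
    return {
        "client_id": client_id,
        "authorization_endpoint": f"{AZURE_LOGIN}/{tenant_id}/oauth2/v2.0/authorize",
        "token_endpoint": f"{AZURE_LOGIN}/{tenant_id}/oauth2/v2.0/token",
        "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
        "jwks_uri": f"{AZURE_LOGIN}/{tenant_id}/discovery/v2.0/keys",
        "scope": "openid email",
        "sign_algo": "RS256",
        "redirect_uri": f"https://{subdomain}.pluvo.com/oidc/callback/",
    }


def check_settings(s: dict) -> list:
    """Return a list of problems; an empty list means the settings look consistent."""
    problems = []
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        u = urlparse(s[key])
        if u.scheme != "https" or u.netloc != "login.microsoftonline.com":
            problems.append(f"{key} must point at {AZURE_LOGIN}")
        # A single-tenant app must name its own tenant; 'common' would accept
        # accounts from any Azure AD tenant, and '[Tenant ID]' is the unfilled template.
        if "[Tenant ID]" in s[key] or "common" in u.path.split("/"):
            problems.append(f"{key} still contains a placeholder or the 'common' tenant")
    r = urlparse(s["redirect_uri"])
    if r.scheme != "https" or not r.path.endswith("/oidc/callback/"):
        problems.append("redirect_uri must be https and end in /oidc/callback/")
    if not {"openid", "email"} <= set(s["scope"].split()):
        problems.append("scope must include openid and email")
    if s["sign_algo"] != "RS256":
        problems.append("sign_algo must be RS256 to match the keys published at jwks_uri")
    return problems


def build_authorize_url(s: dict) -> tuple:
    """Compose the authorization request a relying party sends the browser to.

    Returns (url, state, nonce, code_verifier). The relying party stores the
    last three server-side so the callback and ID token can be tied to this
    exact request (state: CSRF, nonce: token replay, verifier: PKCE).
    """
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)  # 86 chars, within PKCE's 43-128 limit
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    params = {
        "client_id": s["client_id"],
        "response_type": "code",
        "redirect_uri": s["redirect_uri"],
        "scope": s["scope"],
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{s['authorization_endpoint']}?{urlencode(params)}", state, nonce, verifier


def check_callback(callback_url: str, expected_state: str, redirect_uri: str) -> str:
    """Validate the URL the browser lands on after Azure AD login.

    Returns the authorization code, or raises ValueError on any mismatch.
    """
    u = urlparse(callback_url)
    # Exact-match the registered redirect URI (scheme, host and path).
    if f"{u.scheme}://{u.netloc}{u.path}" != redirect_uri:
        raise ValueError("callback arrived at an unexpected URI")
    q = parse_qs(u.query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: request was not started by this session")
    if "error" in q:
        raise ValueError("Azure AD returned an error: " + q["error"][0])
    code = q.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


if __name__ == "__main__":
    cfg = build_settings("00000000-0000-0000-0000-000000000000", "client-id-placeholder", "academy")
    print("problems:", check_settings(cfg) or "none")
    url, state, nonce, verifier = build_authorize_url(cfg)
    print("authorize URL:", url)
```

The code that comes back from `check_callback` is then exchanged at the token endpoint together with the stored `code_verifier`, and the returned ID token is verified against the JWKS endpoint with the `RS256` algorithm pinned and its `nonce` claim compared with the stored value; that part needs a JWT library and network access and is outside this offline example.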
Test SSO link
https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers
Updated on: 02/07/2024
Thank you!