SAML with Azure

Upload the metadata file you received from IE and this will auto populate most of the SAML configuration that you'll need.

NOTE: If uploading an XLM file (instead of utilizing a live hosted URL), remove the validUntil property and value.

Recommendations

• Use an ID that doesn't change: Since this value used to sync learner to their accounts or create a new account if one doesn't exist for a learner, it's recommended that this value be from a source that doesn't change. If the value does change, then the learner will receive a fresh account upon authenticating and will lose all previous progress.

  • Email Address as NameId will suffice : Sending an email as the NameId can cause the problem mentioned above when a learner's email changes due to a name change. That said, email addresses are used by many clients without much headache. Though it isn't the "perfect" option, we considered it "good enough".

  • Unique IDs are a better option: If available, an ID with sufficient randomness to be collision resistant, or appending a domain or school name to less random ID, has the benefits of being both unique and unchanging. See below for an example how to create a unique ID by combining an learner ID and a static

Making the NameID unique

A recommended NameID is a combination of unique-to-your-institution ID like an employee ID or student ID combined with a domain name you own. To do this in Azure, follow these steps:

1. Start by editing the Name Identifier Value attribute and changing the source to Transformation by selecting the radio button

2. Then set the Transformation to Join(), the Parameter 1 to the unique-to-your-institution ID, and Parameter 2 to the static value of the @ symbol and your domain name like below.

• Note: Azure will put your string in quotes (like the licenseId above) if it recognizes your input as a static value.