Please note that login is still possible for external users that are registered in your Activate LMS - but not in your AD.
Registering the authentication bridge with your Azure Active Directory tenant
To allow the authentication bridge to communicate with your Azure Active Directory tenant, you need to register it.
- Sign in to the Azure portal.
- On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.
- Click on More Services in the left-hand navigation and choose Azure Active Directory.
- Click on New application registration.
- Enter a friendly name for the application, for example 'activatelms-bridge', and select 'Web Application and/or Web API' as the Application Type. For the sign-on URL, enter the URL for the authentication bridge, for example https://Login.yourDomain.com. Click on Create to create the application.
- While still in the Azure portal, choose your application, click on Settings and choose Properties.
- Find the Application ID. It will look something like this: c69d3c4f-c8d9-4abf-8e80-57036fb3db5c
- Find the App ID URI. It will look something like this: https://elearningSpecialist.com/c77e0456-062c-42e0-bca7-84917326eac6 where instead of elearningSpecialist.com, you would have the name of your Azure AD tenant.
Configuration of the authentication bridge
The authentication bridge will be implemented by our consultants, but there are a few things we need you to provide us:
- The URL to your Metadata file in the Azure portal, for example https://login.microsoftonline.com/elearningSpecialist.com/federationmetadata/2007-06/federationmetadata.xml, where elearningSpecialist.com should be replaced with the name of your Azure AD tenant. You can find the URL to your Metadata file in the Azure portal by clicking the Endpoints button under App Registrations.
- The App ID URI used as a key when setting up the authentication bridge with your Azure Active Directory tenant. For example, https://elearningSpecialist.com/c77e0456-062c-42e0-bca7-84917326eac6
- At a minimum, the following claims: email address, given name, surname. Typically, we will have a conversation with both the business stakeholder and IT about which claims you can provide.
If multiple users with different domains will be using the same authentication bridge, you'll need to provide a list of domains that need to be redirected. Example: yourCompany.com, yourCompany.co.uk, yourCompany.dk.
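The sketch below is an added example, not the Activate LMS bridge's own code. It shows how a domain list like the one above can drive the redirect decision, with external users falling back to local login, and how the minimum claims can be checked. The function names are hypothetical, and it assumes the claims arrive under the standard schemas.xmlsoap.org claim type URIs.

```python
# Added illustration; function names are hypothetical, not the bridge's API.
# Assumption: claims arrive under the standard schemas.xmlsoap.org type URIs.
CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_CLAIMS = {
    "email address": CLAIM_NS + "emailaddress",
    "given name": CLAIM_NS + "givenname",
    "surname": CLAIM_NS + "surname",
}

# Constructed sample list, reusing the example domains from the text above.
REDIRECT_DOMAINS = ["yourCompany.com", "yourCompany.co.uk", "yourCompany.dk"]


def normalise_domains(domains):
    """Lower-case and trim the configured domains once, at load time."""
    return frozenset(d.strip().lower().rstrip(".") for d in domains if d.strip())


def login_route(email, redirect_domains):
    """Return 'azure_ad' for a listed domain, otherwise 'local'.

    The match is exact and case-insensitive on the part after the last '@'.
    Suffix or substring matching is avoided on purpose: it would also route
    look-alike domains such as notyourcompany.com to the tenant.
    """
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % email)
    domain = domain.lower().rstrip(".")
    return "azure_ad" if domain in redirect_domains else "local"


def missing_claims(claims):
    """Return friendly names of required claims that are absent or blank."""
    return sorted(
        name for name, uri in REQUIRED_CLAIMS.items()
        if not str(claims.get(uri, "")).strip()
    )


if __name__ == "__main__":
    domains = normalise_domains(REDIRECT_DOMAINS)
    for address in ("Anna@YourCompany.CO.UK", "guest@partner.example"):
        print(address, "->", login_route(address, domains))
    print("missing:", missing_claims({CLAIM_NS + "emailaddress": "a@b.example"}))
```
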