Single Sign-On (SSO) in collaboration with Microsoft Azure AD

With Pluvo, you can easily set up Single Sign-On (SSO) for your academy. In this article, we explain how to retrieve the data in Microsoft Azure AD.
Once you have this information, you can easily implement Single Sign-On (SSO) in Pluvo. You can find more information about this in this article.

Note: For the following steps, you need to have an administrator account for Microsoft Azure AD and a Company subscription with Pluvo.

Settings in your Azure AD portal



Click on Azure Active Directory

Azure Active Directory

Go to the correct tenant

Correct Tenant

Go to App registrations.

It's also possible to create an enterprise application. Choose 'Register an application to integrate with Azure AD (App you’re developing)' there. The fields are the same as step 4. Then proceed to step 5.

Click on 'New registration' and create a new App with the following details.
App Name: [Choose a clear name]
Account types: Single tenant

In the next step, a name must be given to the client-ID. Choose a clear name, for example: 'Webclient Pluvo academy' so you'll remember later what this client-ID is used for.

Then copy the "filled in" parameter from Pluvo to Microsoft Azure AD (You can find this parameter in Administration > Settings under 'SSO & LTI').

For example:

Authorized redirect URIs: https://[yoursubdomain].pluvo.co/oidc/callback/



In this screen, you can fill in the following fields:

Fields

Now you can register this app. After registration, you'll land on the App overview page.

Here, you'll find the [1] Application client ID and [2] Directory (tenant) ID.

Note: Make sure to copy the client ID and the Directory (tenant) ID, as you'll need these later for the Pluvo SSO settings.

App Overview

Certificates and secrets



Now, let's go to the 'Certificates and Secrets' menu in the newly created app.

Create a new Client Secret and give it a description.
Set the 'Secret' to never expire.
Then copy the value of the newly created [3] Secret.

Note: You'll need this secret later for the Pluvo SSO settings.

Client Secret

API permissions



Navigate to 'API Permissions' and create a new permission by clicking 'Add a permission'.

Select 'Microsoft Graph' and then 'Delegated permissions'. Then check 'email' and 'openid' in the list and add them by clicking the 'Add permission' button.

API Permissions

Done!



You now have all the necessary information to fill in Pluvo. You can find these fields in the academy under Administration > Settings under 'SSO & LTI'.

Client ID
Directory (tenant ID)
Secret

Pluvo SSO Settings



OAuth Client id = ..... [Obtained above]
OAuth Client secret = ....... [Obtained above]

The following fields are always identical for Microsoft Azure. In each URL, replace [Tenant ID] with the Directory (tenant) ID obtained in the steps above.

Authorization endpoint: https://login.microsoftonline.com/[Tenant ID]/oauth2/v2.0/authorize
Token endpoint: https://login.microsoftonline.com/[Tenant ID]/oauth2/v2.0/token
User endpoint: https://graph.microsoft.com/oidc/userinfo
Scope = openid email
Oidc sign algo = RS256
Oidc op jwks endpoint: https://login.microsoftonline.com/[Tenant ID]/discovery/v2.0/keys
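
A check for the values above before you click "Save", as an added example that is not part of the original article or Pluvo's own code: it builds the fixed Azure values for one tenant and reports any field that differs, plus a redirect URI that does not match the callback format shown earlier. The dictionary key names, the sample tenant ID and the `academy` subdomain are assumptions made up for this example.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Tenant-scoped paths on login.microsoftonline.com, as listed in the article.
PATHS = {
    "authorization_endpoint": "oauth2/v2.0/authorize",
    "token_endpoint": "oauth2/v2.0/token",
    "jwks_endpoint": "discovery/v2.0/keys",
}

def expected_settings(tenant_id):
    """Fixed Azure values from the article, filled in for one tenant."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError("Directory (tenant) ID must be a GUID")
    base = f"https://login.microsoftonline.com/{tenant_id}/"
    cfg = {key: base + path for key, path in PATHS.items()}
    cfg["user_endpoint"] = "https://graph.microsoft.com/oidc/userinfo"
    cfg["scope"] = "openid email"
    cfg["sign_algo"] = "RS256"
    return cfg

def check_settings(tenant_id, entered, redirect_uri):
    """Return a list of problems in the values typed into the SSO form."""
    problems = []
    for key, want in expected_settings(tenant_id).items():
        got = entered.get(key, "").strip()
        if key == "scope":
            # Order does not matter, but both scopes must be present.
            missing = sorted(set(want.split()) - set(got.split()))
            if missing:
                problems.append(f"scope: missing {' '.join(missing)}")
        elif got != want:
            problems.append(f"{key}: expected {want}")
    # The redirect URI registered in Azure must match Pluvo's callback exactly.
    uri = urlsplit(redirect_uri)
    host = uri.hostname or ""
    if (uri.scheme != "https" or not host.endswith(".pluvo.co")
            or uri.path != "/oidc/callback/" or uri.query or uri.fragment):
        problems.append("redirect_uri: expected https://<subdomain>.pluvo.co/oidc/callback/")
    return problems

# Constructed sample values; the tenant ID and subdomain are made up.
TENANT = "11111111-2222-3333-4444-555555555555"
GOOD = expected_settings(TENANT)
BAD = dict(GOOD, scope="openid",
           token_endpoint=GOOD["token_endpoint"].replace(TENANT, "[Tenant ID]"))

if __name__ == "__main__":
    print(check_settings(TENANT, GOOD, "https://academy.pluvo.co/oidc/callback/"))
    print(check_settings(TENANT, BAD, "http://academy.pluvo.co/oidc/callback"))
```

The second call reports three problems: the token endpoint still contains the `[Tenant ID]` placeholder, the `email` scope is missing, and the redirect URI uses `http` without the trailing slash.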


Simply fill in the required fields, click "Save," and switch the slider to "Active."

Afterward, your users can seamlessly log in via SSO!

Test SSO link



Note: When testing the link as an ADMIN, check that an email address is filled in on your profile. If not, you cannot log in, because Pluvo requires an email address to function.

https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers

Test SSO Link

Updated on: 12/04/2024
