Azure AD As IDP for Moodle

Step 1: Setup Azure AD as Identity Provider

Follow the steps below to configure Azure AD as IdP

    miniorange img Configure Azure AD as IdP

    • In the miniOrange SAML 2.0 SSO plugin, navigate to Service Provider Metadata tab. Here,
      you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL
      which are required to configure the Identity Provider.
    • WordPress SAML Single Sign-On (SSO) upload metadata
  • Log in to Azure AD Portal

  • Select Azure Active DirectoryApp Registrations. Click on New Application Registration.

  • alt=
  • Assign a Name and choose the account type.In the Redirect URI field, provide the ACS URL provided in Service Provider Metadata tab of the plugin and click on Register button.
  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - Application Registration
  • Now, navigate to Expose an API menu option and Click the Set button and replace the APPLICATION ID URI with the plugin's SP Entity ID

    Here, enter the SP Entity ID value from the Service Provider Metadata tab of the plugin.


  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - Expose an API)
  • Go back to Azure Active DirectoryApp Registrations window and click on Endpoints link.

  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - endpoints
  • This will open up a window with multiple URLs listed there. Copy the Federation Metadata Document URL. This will be required while configuring the SAML plugin.

  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Login - federation metadata

    miniorange img Configure Azure AD as IdP

    • In the miniOrange SAML 2.0 SSO plugin, navigate to Service Provider Metadata tab.Here, you can find the SP metadata such as SP Entity ID and ACS(AssertionConsumerService) URL which are required to configure the Identity Provider.
    • WordPress SAML Single Sign-On (SSO) upload metadata
  • Log in to Azure AD Portal

  • Select Azure Active Directory ⇒ Enterprise Applications.

  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login -  Enterprise registrations
  • Click on New Application.

  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - New Application
  • Click on Non-gallery application section and enter the name for your app and click on Add button.

  •   SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - Add Non-Gallery Application
  • Click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.

  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - Select SAML authentication SSO
  • Enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Metadata tab of the plugin.

  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - Configure SAML 2.0 SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - Setup SAML 2.0
  • By default, the following Attributes are sent.
  • In the User Attribute & Claims tab click on Edit.

  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Login -  Azure AD User attributes
  • Click on the claim names you want to edit.
  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Login -  Azure AD User attributes
  • You can edit the Name and Namespace as per required.
  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Login -  Azure AD User attributes
  • Once the claim names are edited you will get the following screen.
  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Login -  Azure AD User attributes
  • Copy App Federation Metadata Url. This will be used while configuring the SAML plugin.
  • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login -App Federation Metadata Url
  • Assign users and groups to your SAML application
    • As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted access to the user. Users may be granted access directly, or through group membership.
    • Click on Users and groups from the applications left-hand navigation menu. The next screen presents the options for assigning the users/groups to the application.
    • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - assign groups and users
    • After clicking on Add user, Select Users and groups in the Add Assignment screen.
    • The next screen presents the option for selecting user or invite an external user. Select the appropriate user and click on the Select button.
    • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - add users
    • Here, you can also assign a role to this user under Select Role section. Finally, click on Assign button to assign that user or group to the SAML application.
    • SAML Single Sign-On (SSO) using Azure AD as Identity Provider (IdP),for SAML 2.0 Azure AD Login - select Role,Assign
Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com