How to configure SAML SSO with Microsoft Entra ID (Azure AD)

Single sign-on (SSO) is an authentication process that allows users to access multiple applications with one set of login credentials. This article walks you step by step through configuring Microsoft Entra ID (Azure AD) as a SAML identity provider to enable SSO.

  1. Log in to Microsoft Entra as an Administrator
  2. In the left navigation menu, under Applications, click Enterprise applications then click New Application
  3. Click Create your own application → Give your application a meaningful name like AlphaLearn LMS SSO → then select the last radio button Integrate any other application you don’t find in the gallery (Non-gallery) → Click Create
  4. In the resulting screen click Single Sign-on → then select SAML as the single sign-on method
  5. In the Basic SAML Configuration page of SAML click Edit and enter the below details:
    1. Identifier (Entity ID) → Add identifier → this URL can be found in the LMS → Customize → SSO → SAML – Microsoft Entra ID (Azure AD) → Config Details → Audience
    2. Reply URL (Assertion Consumer Service URL) → this URL can be found in the LMS → Customize → SSO → SAML – Microsoft Entra ID (Azure AD) → Config Details → Recipient
    3. Sign on URL → this URL can be found in the LMS → Customize → SSO → SAML – Microsoft Entra ID (Azure AD) → Config Details → Login URL
    4. Relay State (Optional) → this URL can be found in the LMS → Customize → SSO → SAML – Microsoft Entra ID (Azure AD) → Config Details → Recipient
    5. Logout Url (Optional) → this URL can be found in the LMS → Customize → SSO → SAML – Microsoft Entra ID (Azure AD) → Config Details → Logout URL
  6. Click Save
  7. Then click Manage → Single Sign-on → Attributes & Claims → Edit → Add New Claim
    1. Name → email, Source Attribute → user.mail, Click → Save
    2. Name → fname, Source Attribute → user.givenname, Click → Save
    3. Name → lname, Source Attribute → user.surname, Click → Save
    4. Name → mobile, Source Attribute → user.mobilephone, Click → Save

  8. Under the Manage section, click → Users and groups → Assign the users/groups to use single sign-on by granting access to AlphaLearn LMS.
  9. Now, as the Admin, log in to AlphaLearn LMS then click Customize → SSO. Select Identity Provider as SAML – Microsoft Entra ID (Azure AD) → click Submit.
  10. Then click on SAML – Microsoft Entra ID (Azure AD) → Edit and enter the below details (these can be obtained from Microsoft Entra → Enterprise Application → AlphaLearn LMS SSO → Manage → Single Sign-on):
    1. In EntityID → Add Microsoft Entra Identifier
    2. In Single SignOn Service → Add Login URL
    3. In Single Logout Service → Add Logout URL
    4. In Signing Cert → add details visible in Certificate (Base64) which can be downloaded and opened in a text editor
    5. Change the Status to Active and click Update to complete the Microsoft Entra ID SSO integration
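
After the integration is active, a test login can be checked against the values entered above. The script below is an added example, not code from AlphaLearn or Microsoft: it takes a base64-decoded SAML response and reports where the Issuer, Audience, Recipient or the four claims from step 7 differ from what was configured. The function name, the sample response, the `lms.example.com` URLs and the all-zero tenant ID are assumptions made for illustration, and the script does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_CLAIMS = ("email", "fname", "lname", "mobile")  # claim names from step 7

def check_response(xml_text, audience, recipient, idp_entity_id):
    """List mismatches between a decoded SAML response and the values entered
    in steps 5, 7 and 10. Configuration check only: no signature verification."""
    assertion = ET.fromstring(xml_text).find("a:Assertion", NS)
    if assertion is None:
        return ["response contains no Assertion"]
    problems = []
    issuer = (assertion.findtext("a:Issuer", "", NS) or "").strip()
    if issuer != idp_entity_id:
        problems.append(f"Issuer {issuer!r} != EntityID (step 10)")
    audiences = [e.text.strip() for e in assertion.iterfind(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS) if e.text]
    if audience not in audiences:
        problems.append(f"Audience {audiences} lacks Identifier (step 5)")
    scd = assertion.find(
        "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    got = scd.get("Recipient") if scd is not None else None
    if got != recipient:
        problems.append(f"Recipient {got!r} != Reply URL (step 5)")
    claims = {at.get("Name"): (at.findtext("a:AttributeValue", "", NS) or "").strip()
              for at in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    problems += [f"claim {name!r} missing or empty"
                 for name in REQUIRED_CLAIMS if not claims.get(name)]
    return problems

# Constructed sample, not captured from a real tenant; URLs and tenant ID are placeholders.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"><a:Assertion>
 <a:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</a:Issuer>
 <a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData
   Recipient="https://lms.example.com/saml/acs"/></a:SubjectConfirmation></a:Subject>
 <a:Conditions><a:AudienceRestriction>
   <a:Audience>https://lms.example.com/saml/metadata</a:Audience>
 </a:AudienceRestriction></a:Conditions><a:AttributeStatement>
  <a:Attribute Name="email"><a:AttributeValue>ada@example.com</a:AttributeValue></a:Attribute>
  <a:Attribute Name="fname"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
  <a:Attribute Name="lname"><a:AttributeValue>Byron</a:AttributeValue></a:Attribute>
 </a:AttributeStatement></a:Assertion></p:Response>"""
CONFIG = dict(audience="https://lms.example.com/saml/metadata",
              recipient="https://lms.example.com/saml/acs",
              idp_entity_id="https://sts.windows.net/00000000-0000-0000-0000-000000000000/")

if __name__ == "__main__":
    print(check_response(SAMPLE, **CONFIG))  # the sample lacks the mobile claim
```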

Note: Your Custom URL login page will now feature a Continue with Microsoft Entra ID button, as shown below.