Presentation
Microsoft Entra ID (previously Azure AD) single sign-on (SSO), once added and configured in the facility's tenant, lets its users log in with their Microsoft credentials. The facility selects which users can use single sign-on to log into Compilatio. The Compilatio Magister account is created automatically the first time the user logs in, using their Microsoft account information (first name, last name, email address).
Features
SSO | Yes |
Types of authorized users | All |
Customization possible | Yes, the institution selects the users who can use SSO |
Prerequisites
Make sure you have the appropriate roles in Microsoft Entra ID (previously Azure AD): you must be an application administrator or global administrator.
As a reminder, authentication with Microsoft Entra ID is limited to non-student faculty and staff.
Steps to implement authentication
- Log in to Microsoft Azure (you must be an administrator), go to Microsoft Entra ID, open the Application registration tab, then click New application.
- Fill in the form to register an application. Under Redirection URL, select Web and enter "https://app.compilatio.net/api/private/authentication/login/microsoft?group_id=id_of_group_sent_by_compilatio&service=anasim", replacing id_of_group_sent_by_compilatio with the group id sent by Compilatio.
- In the Authentication tab of the application, check Access Tokens and ID Tokens in the Implicit grant and hybrid flows section.
- In the Application Roles tab, click Create an application role and enter:
  - Display name: for example "Compilatio user".
  - Authorized member types: users/groups
  - Value: CompilatioUser
- In the Overview tab of the application, copy the Application ID and the Directory ID and send them to "support@compilatio.net".
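
To confirm that a registration matches the steps above before sending the IDs, the following added example (not Compilatio's or Microsoft's code) checks an application object and reports every deviation. It assumes the registration is available as JSON in the shape of the Microsoft Graph application object (web.redirectUris, web.implicitGrantSettings, appRoles); the function name check_registration and both sample objects are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

HOST, PATH = "app.compilatio.net", "/api/private/authentication/login/microsoft"
PLACEHOLDER = "id_of_group_sent_by_compilatio"  # must be replaced by the real group id

def check_registration(app):
    """Compare an application object with the steps above; return a list of findings."""
    findings, found = [], False
    web = app.get("web") or {}  # "Web" platform settings of the registration
    for uri in web.get("redirectUris") or []:
        parts = urlsplit(uri)
        if (parts.scheme, parts.hostname, parts.path) != ("https", HOST, PATH):
            findings.append(f"redirect URI not in the steps above: {uri}")
            continue
        found = True
        query = parse_qs(parts.query)
        if query.get("group_id", [PLACEHOLDER]) == [PLACEHOLDER]:
            findings.append("group_id missing or still the placeholder")
        if query.get("service") != ["anasim"]:
            findings.append("service=anasim missing from redirect URI")
    if not found:
        findings.append("Compilatio redirect URI not registered on the Web platform")
    grant = web.get("implicitGrantSettings") or {}
    for key, label in (("enableAccessTokenIssuance", "Access Tokens"),
                       ("enableIdTokenIssuance", "ID Tokens")):
        if not grant.get(key):
            findings.append(f"{label} not checked under implicit grant and hybrid flows")
    role = next((r for r in app.get("appRoles") or []
                 if r.get("value") == "CompilatioUser"), None)
    if role is None:
        findings.append("application role with value CompilatioUser missing")
    elif not role.get("isEnabled") or "User" not in role.get("allowedMemberTypes", []):
        findings.append("CompilatioUser role disabled or not assignable to users/groups")
    return findings

# Constructed sample objects (not real tenant data).
BASE = "https://" + HOST + PATH
ROLE = {"displayName": "Compilatio user", "value": "CompilatioUser",
        "isEnabled": True, "allowedMemberTypes": ["User"]}
GOOD = {"web": {"redirectUris": [BASE + "?group_id=constructed-42&service=anasim"],
                "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                          "enableIdTokenIssuance": True}},
        "appRoles": [ROLE]}
BAD = {"web": {"redirectUris": [BASE + "?group_id=" + PLACEHOLDER + "&service=anasim",
                                "http://localhost/callback"],
               "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                         "enableIdTokenIssuance": False}},
       "appRoles": [dict(ROLE, value="Compilatio user")]}

if __name__ == "__main__":
    print(check_registration(GOOD), check_registration(BAD), sep="\n")
```

An empty list means the object matches the documented settings; the second sample shows the typical slips: the placeholder left in group_id, a leftover redirect URI, an unchecked token box, and the display name typed into the role's Value field.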
Registering users to SSO Compilatio
- In Microsoft Entra ID, open the Enterprise applications tab, then click the previously created application.
- In the Users and groups tab, click Add a user / group.
- Select the users or groups you want to enroll in Compilatio SSO and select the previously created role.
---
Learn about other external authentication systems:
- External authentication with Shibboleth federated RENATER / EduGAIN
- External authentication with unfederated Shibboleth
- External authentication CAS (Central Authentication Service)
- External authentication LDAP (Lightweight Directory Access Protocol)