Introduction
By activating the SAML app in Docebo, users can log into their learning platforms using credentials from active sessions of other web platforms. This article will give you an example for configuring Microsoft Azure as an identity provider using SAML.
In order to prepare for this integration, you should make sure you have the SAML Single Sign On application installed on your platform. Please see this article for instructions.
Microsoft Azure with SAML Configuration
Please Note: If you are planning to use this integration with a custom domain, make sure your SSL certificate is valid.
Connect to the Microsoft Azure Active Directory website as an Administrator.
Select Enterprise applications followed by All applications. Next, click on the New application button and choose Non-gallery application.
Give your application a meaningful name, such as Docebo, and press Add. A window of the
application will open, then click on Single Sign-on in the left sidebar and select SAML.
In the configuration page of SAML you will need to provide Identifier (Entity ID), as well as the Reply URL (Assertion Customer Service URL).
For the Identifier, you can use:
https://[yourplatform].docebosaas.com/lms/index.php
Replace [yourplatform]
with the name of your platform.
If you have the custom domain app active and configured, please use the custom domain instead of the docebosaas URL, for example:
https://[customdomain]/lms/index.php
Replace [customdomain]
with your custom domain name.
For the Reply URL, use:
https://[yourplatform].docebosaas.com/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp/saml2-acs.php/default-sp
Replace [yourplatform]
with the name of your platform.
If you have the custom domain app active and configured, please use the custom domain instead of the docebosaas URL, for example:
https://[customdomain]/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp
Replace [customdomain]
with your custom domain name.
Next, save the information and close the window with the X button on the top right corner. The system may request to test the Single sign-on at this stage, click No, I’ll test later. In the page Setup Single Sign-On with SAML – Preview, go to the block titled SAML Signing Certificate and download the Federation Metadata XML.
Now, open Docebo, go to the Admin menu by pressing the gear icon in the top right corer, locate SAML and press Manage to enter the settings screen.
In the Identity Provider ID field, enter the Azure Issuer, for example:
https://sts.windows.net/17975747-33k9-213t-th66-4if92d300ih/
In the XML Metadata field, paste the text of the Federation Metadata XML file you downloaded earlier.
In the Username Attribute field enter the field you will use as the username in Docebo, for example:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress