Introduction
By activating the SAML app in Docebo, users can log into their learning platforms using credentials from active sessions of other web platforms. This article will give you an example for configuring Microsoft Entra ID (Azure AD) as an identity provider using SAML.
In order to prepare for this integration, you should make sure you have the SAML Single Sign On application installed on your platform. Please see Docebo for SAML - Standard configuration for instructions.
Microsoft Entra ID (Azure AD) with SAML configuration
Please note: If you are planning to use this integration with a custom domain, make sure your SSL certificate is valid. For more information please see Domain Management: Configuring custom domains and Domain Management: Managing self-supplied SSL certificates.
Connect to the Microsoft Entra admin center (opens in a new tab) as an administrator.
In the left menu pane, under Applications, press Enterprise applications.
Next, press the New application button.
In the resulting screen, press Create your own application.
In the resulting slide-in panel, give your application a meaningful name, choose the Integrate any other application you don't find in the gallery (Non-gallery) option and then press Create.
In the resulting Overview screen, press Single sign-on in the left sidebar menu and in the Select a single sign-on method section, choose SAML.
In the configuration page of SAML you will need to provide the Identifier (Entity ID), as well as the Reply URL (Assertion Customer Service URL).
In the Basic SAML Configuration section, press Edit to add the necessary information.
In the resulting slide-in panel, you can configure the basic SAML settings. To add an identifier, press Add identifier. For the Identifier (Entity ID), you can use:
https://[yourplatform].docebosaas.com/lms/index.php
Replace [yourplatform] with the name of your platform.
If you have a custom domain configured, please use the custom domain instead of the docebosaas URL, for example:
https://[customdomain]/lms/index.php
Replace [customdomain] with your custom domain name.
Next, press Add reply URL in the Reply URL (Assertion Consumer Service URL) section to add the needed information. For the Reply URL, use:
https://[yourplatform].docebosaas.com/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp/saml2-acs.php/default-sp
Replace [yourplatform] with the name of your platform.
If you have a custom domain configured, please use the custom domain instead of the docebosaas URL, for example:
https://[customdomain]/lms/index.php?r=SimpleSamlApp/SimpleSamlApp/modules/saml/sp/saml2-acs.php/default-sp
Replace [customdomain] with your custom domain name.
Next, press the Save button. You will receive a message stating the configuration was saved successfully. Then press the X in the top right corner of the Basic SAML Configuration panel to return to the previous screen. The system may request to test the single sign-on at this stage, press No, I’ll test later.
Move to the section SAML Certificates and download the Federation Metadata XML by pressing the Download link.
Move to the section 4 Setup and copy the Microsoft Entra Identifier value to your clipboard.
Now, open the Docebo learn platform, go to the Admin menu by pressing the gear icon in the top right corner, locate SAML and press Manage to enter the settings screen.
In the Identity Provider ID field, paste the Microsoft Entra Identifier, for example:
https://sts.windows.net/17975747-33k9-213t-th66-4if92d300ih/
In the XML Metadata field, paste the text of the Federation Metadata XML file you downloaded earlier.
In the Username Attribute field enter the field you will use as the username in Docebo, for example:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress