Azure AD Integration with ETV


Post on 22-May-2020


AUDIENCE

Institution administrators with access to their institution’s Azure Active Directory administration.

PURPOSE

To set up SSO for a whole Institution.

This process has 3 parts:

Part 1: Creating the app

Part 2: Configuring app settings

Part 3: SSO onboarding - Provide Your Azure AD SAML Identity Provider Details to EnhanceTV

ACCESSING AZURE ACTIVE DIRECTORY FROM OFFICE 365 ADMINISTRATION

1. Sign into https://www.office.com/ with your Office Administrator account.

2. Select Admin

3. A new browser tab opens showing the Office 365 Admin Center

4. Expand Admin Centers

5. Select Azure AD at the bottom of this expanded section. A new browser tab will open, showing the Azure Active Directory admin center.

If you get here this way you can skip step one in the next section, and start at step 2.

PART 1: CREATING THE APP

1. Log in to your Microsoft Azure Management Portal at: https://portal.azure.com.

NOTE: Do not use ‘manage.windowsazure.com’ - that is the old Azure system that this guide will not refer to.

2. Select the Active Directory node on the left navigation menu.

NOTE: As it is possible to have multiple directories in a single Azure tenant, ensure that you select the correct directory you wish to integrate. Select the correct directory, if there is more than one, using the “Switch directory” link at the top of the Overview panel. It will be grayed out if there is only one directory.

3. Select App registrations from the menu to the left of the window.

4. Click the + New Application registration button located at the top of the right panel.

5. In the Create window, complete the following fields:

Name: EnhanceTV

Application Type: Web app / API

Sign on URL: http://stag-fe.enhancetv.com.au/ for testing, https://www.enhancetv.com.au for production

6. Click the Create button

7. Your SSO Application is now created and will be available under the Azure ‘App registrations’ menu.

Continue to Part 2 to make the required modifications to your application properties.

PART 2: CONFIGURING APP SETTINGS

1. From the App Registrations page, select your EnhanceTV app.

2. At the top of the panel, click the Settings cog.

A new pane will open to the right.

3. Select Properties to open basic application properties.

4. In a separate browser window or tab, log on to EnhanceTV with your school’s EnhanceTV school administrator username and password.

5. Click Manage Account in the top header bar under the administrator’s name

6. Select the Setup SSO panel from the Account management horizontal menu.

7. The EnhanceTV Service Provider should be shown; if not, select EnhanceTV Service Provider.

8. Copy the SAML2 Entity ID shown so that you can paste it later.

NOTE: This Entity ID is unique to your school and it allows your Azure AD instance to connect your users back to EnhanceTV securely after they have authenticated with your Identity Provider, your Office 365 Azure Active Directory.

9. Back on the Azure AD administration page confirm or complete the following fields in the Properties panel:

FIELD | VALUE
Display Name | What was entered during initial app setup
Home page URL | What was entered during initial app setup
App ID URI | Service Provider SAML2 Entity ID copied from the EnhanceTV page you visited in step 4
Logout URL | Leave blank
Multi-tenanted | No

NOTE: Download the suitable EnhanceTV logo image file from https://stag-fe.enhancetv.com.au/apple-icon-180x180.png. Upload it to have it displayed to your users.

NOTE: If the Properties panel is not shown, click the Settings link with the cog icon next to it, then select Properties on the settings panel under General.

10. At the top of the panel, click Save to save changes.

After a few minutes, Azure will confirm that the changes have been completed. Stay on this screen until the confirmation message displays.

11. In the Settings pane, click Reply URLs.

12. Ensure that the only reply URL listed is the “Assertion Consumer Service (ACS) Endpoint URL”. Copy this from the EnhanceTV Account Management - Setup SSO - EnhanceTV Service Provider panel you accessed in step 8 above.

Delete any others that may have been added.

13. Click Save at the top of the panel to apply changes.

14. Set Required permissions and click Save.

15. Click Grant permissions.

16. Adjust the App Manifest. Select the link “App Manifest” next to the Settings link. Ensure the following JSON values are configured correctly:

• Remove any values in “appRoles”

• Set “groupMembershipClaims” to “All”

• Check homepage, identifierUris, logoutUrl and replyUrls are set correctly based on the previous config settings.

• Save the manifest file.

17. Continue to Part 3 to complete the SSO setup in the EnhanceTV School Administrator - Account Management - Setup SSO - Identity Provider panel.
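The manifest checks from step 16 can be run against a saved copy of the manifest JSON. The script below is an added example, not part of the EnhanceTV guide; the function name, the Entity ID, the ACS URL and the sample manifest are constructed placeholders, and only the manifest keys named in step 16 are read.

```python
import json

# Constructed placeholders: use the Entity ID and ACS URL shown on your own
# EnhanceTV Setup SSO - EnhanceTV Service Provider panel.
SP_ENTITY_ID = "https://sp.example.invalid/saml2/school-0001"
ACS_URL = "https://sp.example.invalid/saml2/acs"

# Constructed manifest excerpt with two deliberate deviations from step 16.
SAMPLE_MANIFEST = json.loads("""
{
  "appRoles": [],
  "groupMembershipClaims": null,
  "homepage": "https://www.enhancetv.com.au",
  "identifierUris": ["https://sp.example.invalid/saml2/school-0001"],
  "logoutUrl": null,
  "replyUrls": ["https://sp.example.invalid/saml2/acs",
                "http://localhost:3000/callback"]
}
""")

def check_manifest(manifest, sp_entity_id, acs_url):
    """Return findings; an empty list means the manifest matches step 16."""
    findings = []
    if manifest.get("appRoles"):
        findings.append("appRoles is not empty")
    if manifest.get("groupMembershipClaims") != "All":
        findings.append("groupMembershipClaims is not 'All'")
    if not manifest.get("homepage"):
        findings.append("homepage is not set")
    if sp_entity_id not in (manifest.get("identifierUris") or []):
        findings.append("identifierUris lacks the SP SAML2 Entity ID")
    if manifest.get("logoutUrl"):
        findings.append("logoutUrl should be blank")
    reply_urls = manifest.get("replyUrls") or []
    if acs_url not in reply_urls:
        findings.append("replyUrls lacks the ACS Endpoint URL")
    # Azure AD sends its response to a registered reply URL, so every extra
    # entry is another destination that has to be trusted.
    extra = [u for u in reply_urls if u != acs_url]
    if extra:
        findings.append(f"unexpected reply URLs: {extra}")
    return findings

if __name__ == "__main__":
    for finding in check_manifest(SAMPLE_MANIFEST, SP_ENTITY_ID, ACS_URL):
        print("FINDING:", finding)
```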

PART 3: PROVIDE YOUR AZURE AD SAML IDENTITY PROVIDER DETAILS TO ENHANCETV

1. Download your Azure AD SAML Identity Provider metadata and save into an XML file.

• Back on the Azure Active Directory Administration (in a separate browser tab) you want to get to the Endpoints panel. You can get to it on the App registrations panel next to the “New application registration” link you used to create the app.

• Copy for pasting the URL from the “FEDERATION METADATA DOCUMENT” URL

• Open a new Browser tab and paste the URL into the address area.

2. On the Setup SSO panel of the EnhanceTV School Administrator - Account Management - Setup SSO page select the “Your Identity Provider” panel.

3. Back on the Azure Active Directory Administration (in a separate browser tab) navigate to the Endpoints panel. You can get to it on the App registrations panel next to the “New application registration” link you used to create the app.

4. Copy and paste data from Azure Active Directory Administration - Endpoints Panel to EnhanceTV Setup SSO - Your Identity Provider panel as per the following table:

Azure Active Directory Administration - Endpoints Panel | EnhanceTV Setup SSO - Your Identity Provider panel
“FEDERATION METADATA DOCUMENT” URL | SAML2 Entity Id
“SAML-P SIGN-ON ENDPOINT” URL | Single Sign On Service (SSO) Endpoint URL

NOTE: The Single Logout Service (SLS) Endpoint URL is left blank.

These documents are provided as a helpful guide only. Enhance TV is not responsible for the accuracy or completeness of the content within the documents or any issues arising from the application of the instructions provided. Users are advised to seek their own technical assistance from qualified experts.
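Before saving the Identity Provider panel, the sign-on endpoint pasted in step 4 can be cross-checked against the metadata XML saved in step 1. The script below is an added example, not part of the EnhanceTV guide; the function names are hypothetical and the sample metadata is constructed, trimmed to the standard SAML 2.0 metadata elements it reads, with a placeholder tenant ID.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

# Constructed sample standing in for the file saved in step 1.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def read_idp_metadata(xml_text):
    """Extract the IdP entityID and its SingleSignOnService locations."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    endpoints = [e.get("Location") for e in idp.findall(MD + "SingleSignOnService")]
    return {"entity_id": root.get("entityID"), "sso_endpoints": endpoints}

def check_pasted_sso_url(metadata, pasted_url):
    """Return findings for the value pasted into the SSO Endpoint URL field."""
    findings = []
    url = pasted_url.strip()  # stray whitespace is common after copy and paste
    if urlparse(url).scheme != "https":
        findings.append("SSO endpoint is not https")
    if url not in metadata["sso_endpoints"]:
        findings.append("SSO endpoint does not appear in the saved metadata")
    return findings

if __name__ == "__main__":
    md = read_idp_metadata(SAMPLE_METADATA)
    print("IdP entityID:", md["entity_id"])
    print(check_pasted_sso_url(md, md["sso_endpoints"][0]) or "SSO endpoint matches")
```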