In this tutorial we will configure Azure AD using the metadata provided by the Udemy for Business team, or the metadata downloaded from PingOne.
If you don't have the metadata from the Udemy for Business team, or you're not sure how to download it, please refer to this article.
Create a New Application in Azure
1. Log in to the classic Azure portal and select Active Directory.
2. Next, click on Applications and then click Add new one from the bottom.
3. Select Add an application from the gallery.
4. Select custom and set the name for the application.
5. Click on Configure single sign-on.
6. Select Microsoft Azure AD Single Sign-on.
7. In the configuration, first click Show advanced settings and also check Configure the certificate used for federated single sign-on. For Identifier, use the value “PingConnect”. For Sign On URL, use the value “https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=<SaasID>”, replacing <SaasID> with the entityID from the PingOne metadata. For Reply URL, use the Assertion Consumer Service URL from the PingOne metadata.
8. Configure the Federated SSO certificate.
9. Then you should see your finished SSO configuration in Azure. Don't forget to download XML metadata; you will need it to configure the customer connection in PingOne. You can check that you set up SSO and continue.
10. In the Users and Groups section, please select the users that you want to have access to the new application. Only added users will be able to use SSO.
11. In the Attributes section, configure the attributes that are sent in the SAML assertion. By clicking Add user Attribute, you can add the attributes below. The Udemy for Business instance of PingOne supports the following attributes (all attribute names are case sensitive).
SCIM.email: the unique email of the user
SCIM.name.givenName: the given (or first) name of the user
SCIM.name.middleName: the middle name (if any) of the user
SCIM.name.familyName: the family (or last) name of the user
SCIM.name.formatted: the fully formatted name of the user
groups: the list of groups to which the user belongs
externalID: the user ID specified by the customer
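
The three values entered in step 7 can be read from the PingOne metadata file instead of being copied by hand. The following is an added example, not part of the original article or of any Udemy or PingOne tooling: the function name, the sample metadata (placeholder entityID and Location) and the choice of the lowest-index HTTP-POST endpoint as the Reply URL are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlparse

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SIGN_ON_BASE = "https://sso.connect.pingidentity.com/sso/sp/initsso?saasid="

# Constructed sample; the entityID and Location are placeholders, not real values.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="00000000-aaaa-bbbb-cccc-000000000000">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sso.example.invalid/sso/sp/ACS.saml2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def azure_sso_values(metadata_xml: str) -> dict:
    """Return the Identifier, Sign On URL and Reply URL for step 7."""
    # Metadata needs no DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(metadata_xml)
    if root.tag != MD_NS + "EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    entity_id = (root.get("entityID") or "").strip()
    if not entity_id:
        raise ValueError("entityID is missing")
    # Assumption: the Reply URL is the HTTP-POST endpoint, lowest index first.
    endpoints = sorted(
        (e for e in root.iter(MD_NS + "AssertionConsumerService")
         if e.get("Binding") == HTTP_POST),
        key=lambda e: int(e.get("index", "0")))
    if not endpoints:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    reply_url = endpoints[0].get("Location", "")
    if urlparse(reply_url).scheme != "https":
        raise ValueError("Reply URL must use https: %r" % reply_url)
    return {
        "identifier": "PingConnect",
        "sign_on_url": SIGN_ON_BASE + quote(entity_id, safe=""),
        "reply_url": reply_url,
    }


if __name__ == "__main__":
    for field, value in azure_sso_values(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

Rejecting a non-https Reply URL catches a mistyped or tampered metadata file before the SAML response, which carries the user's attributes, is posted to it.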