SSO Admins can follow the steps in this guide to configure SAML single sign-on for the FranklinCovey Impact Platform with Azure/Entra ID. Microsoft provides more detailed information about setting up SAML single sign-on in their interface. Please note: You will likely need the proper administrative privileges to follow the configuration instructions.
Setting up SAML single sign-on requires you to configure settings on Azure and the Admin Platform. Start by creating the FranklinCovey app in Azure. Then you can use your metadata to configure the Admin Platform SSO Management page settings using the instructions linked at the end of the article.
Create the FranklinCovey App in Azure
1. Select the Azure Active Directory icon to access your Azure Active Directory
2. Create a new, non-gallery enterprise application
a. Select Enterprise Applications on the left-hand side "Manage" menu
b. Select + New application on the "Enterprise applications" page
c. Select + Create your own application
d. In the "Create your own application" menu, name your new application "FranklinCovey"
e. Select the radio button next to the default option: "Integrate any other application you don't find in the gallery (Non-gallery)."
3. Configure the newly created application for SAML settings
a. Select Single sign-on on the new FranklinCovey application
b. Select the SAML tile on the Single sign-on page
c. Configure Section 1 using our metadata. The Relay State is optional, and if requested, will be provided on a testing call.
i. SP Issuer (Entity ID): https://fidm.gigya.com/saml/v2.0/3_qOYUNdOudAGL3G4sZTUMpeCGVgPM3tSDjIgpJR5nGVPIRyrxSvX2zWd4_CsaeFq1
ii. SP Assertion Consumer Service URL: https://fidm.eu1.gigya.com/saml/v2.0/3_qOYUNdOudAGL3G4sZTUMpeCGVgPM3tSDjIgpJR5nGVPIRyrxSvX2zWd4_CsaeFq1/sp/acs
iii. SP Single Logout Service URL: https://fidm.eu1.gigya.com/saml/v2.0/3_qOYUNdOudAGL3G4sZTUMpeCGVgPM3tSDjIgpJR5nGVPIRyrxSvX2zWd4_CsaeFq1/sp/slo
Note: You can access the entirety of FranklinCovey's SHA256 metadata via this link or by downloading the attached metadata.
d. Edit the Attributes & Claims. Under Section 2, edit the following three attributes:
i. user.mail
ii. user.givenname
iii. user.surname
4. Remove the namespace from each of the above-named attributes; for the user.mail claim, rename the claim name from "emailaddress" to "email". After renaming, the edited email claim should look like the following:
5. Now, configure the user group assignments dependent on your organization. You have the option to assign the application to everyone or only to specific groups.
a. Turn off user assignments, if desired, by clicking Properties in the left-hand "Manage" menu.
b. Assign specific users or groups by clicking Users and groups in the left-hand "Manage" menu, then click +Add user/group.
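One way to confirm that the claim edits in steps 3d and 4 took effect is to check the attribute names in an assertion captured from a test login. The script below is an added example, not FranklinCovey or Microsoft code; the assertions in it are constructed, and the "givenname" and "surname" names and the claims namespace assume Entra ID's defaults.

```python
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: Entra ID's default claim namespace, which step 4 removes.
DEFAULT_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# "email" comes from the article; the other two assume Entra's default names.
EXPECTED = {"email", "givenname", "surname"}
RENAMES = {"emailaddress": "email"}  # rename required by step 4


def build_assertion(names):
    """Build a constructed, unsigned assertion carrying the given attribute names."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>x</saml:AttributeValue>'
        f"</saml:Attribute>"
        for n in names
    )
    return (
        f'<saml:Assertion xmlns:saml="{SAML["saml"]}">'
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        f"</saml:Assertion>"
    )


def check_claims(assertion_xml):
    """Return a list of problems with the attribute names in a SAML assertion."""
    root = ET.fromstring(assertion_xml)
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", SAML)]
    problems, resolved = [], set()
    for name in names:
        local = name.rsplit("/", 1)[-1]      # drop any namespace prefix
        wanted = RENAMES.get(local, local)   # apply the emailaddress -> email rename
        if wanted not in EXPECTED:
            continue                         # not one of the three edited claims
        resolved.add(wanted)
        if name != wanted:
            problems.append(f"{name}: rename to {wanted}")
    for missing in sorted(EXPECTED - resolved):
        problems.append(f"missing claim: {missing}")
    return problems


if __name__ == "__main__":
    untouched = [DEFAULT_NS + n for n in ("emailaddress", "givenname", "surname")]
    for label, names in [("defaults", untouched),
                         ("namespace removed only", ["emailaddress", "givenname", "surname"]),
                         ("after step 4", ["email", "givenname", "surname"])]:
        print(label, "->", check_claims(build_assertion(names)) or "OK")
```
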
Create Bookmark Apps for the Admin Platform and Impact Platform
The FranklinCovey All Access Pass consists of two platforms: the Admin Platform, where admins access their admin functions to control their users and content, and the Impact Platform, where learners access their content, learning tools, and 360 Diagnostic.
We recommend hiding the application tile and creating bookmark tiles for the Admin and Impact Platforms so that admins and learners can access their platforms conveniently from their Azure dashboard.
NEXT STEP: Now that you have successfully created a new SAML 2.0 SSO app on Azure, refer to the Enabling SAML Single Sign-on for FranklinCovey Site help article to input your metadata and enable SSO on the Impact Platform.