How do I set up Microsoft Entra ID (formerly Azure AD) SSO for my domain?

SAML authentication can be used to establish a secure single sign-on (SSO) connection between Buzz and Microsoft Entra ID (formerly Azure AD). 

Note: Azure AD is in the process of changing to Entra ID. This article uses screenshots from the still-in-use Azure, so it refers to it as such. We will update the article once Microsoft's transition is complete.

This article covers how to configure your Buzz/Entra SAML SSO:

  1. In Azure: Add Buzz to Azure Active Directory
  2. In Azure: Acquire metadata to provide in Buzz
  3. In Buzz: Provide Entra metadata and copy Buzz metadata

This process requires gathering and providing information from and to both systems, so it's easiest to do with each system open.

Buzz does not support authentication initiated by the Identity Provider (IdP). You must initiate SSO authentication from the Service Provider (SP), which is Buzz. This article documents that workflow.

Refer to this Azure/Entra article for additional help: Enable single sign-on for an enterprise application

1. In Azure: Add Buzz to Azure Active Directory

First, you need to add Buzz as an approved app in your Azure Active Directory:

  1. From the Azure portal side menu, select Azure Active Directory.
  2. Open Enterprise applications.
  3. Select + New application.
  4. Click + Create your own application in the top menu to add Buzz.
  5. Enter Agilix Buzz as the app name.
  6. Select Integrate any other applications you don't find in the gallery (Non-gallery) option.
  7. Click Create.

2. In Azure: Set up Azure and acquire metadata for Buzz

Once you've added Agilix Buzz to your approved Azure apps, you are returned to the Enterprise applications > All applications screen you navigated to in the first two steps of the last section.

From this screen:

  1. Search for Agilix Buzz.
  2. Select Agilix Buzz from the list.
  3. Azure recommends adding Users and groups that you want added to the Buzz app at this point. Follow their directions: Assign users and groups to an application.
  4. Select Single sign-on from the left menu (or click Get started on the Single sign-on card).
  5. Select SAML.
  6. On the Basic SAML configuration card, click Edit and provide:
    • Identifier (Entity ID): For this, add your Buzz userspace in the appropriate place in this URL:
      • https://api.agilixbuzz.com/SAML/[INSERT USERSPACE]
    • Reply URL (Assertion Consumer Service URL): For this, add your Buzz userspace in the appropriate place in this URL:
      • https://api.agilixbuzz.com/SAML/[INSERT USERSPACE]/Consumer
    • Sign on URL (Optional): If you want to, you can add your Buzz userspace in the appropriate place in this URL:
      • https://[INSERT USERSPACE].AgilixBuzz.com/home
  7. From the SAML Certificates card, download the Federation Metadata XML.

3. In Buzz: Provide Azure metadata and copy Buzz metadata

Now that you've set up Azure and acquired the metadata XML file, you're ready to set up Buzz.

In the admin app:

  1. Open the vertical menu in the toolbar of Domain Details and select Domain Settings.
  2. On the Authentication card, select SAML as your authentication Type. Do not choose the "old version" of SAML.
  3. Click Add identity provider (IdP).
  4. Provide the Login prompt. This is what appears on the login button. If you have only one IdP, this defaults to Login; if you have more, you can label them appropriately.
  5. Upload the Federation Metadata XML file that you acquired from Azure.
  6. The Metadata resource path and Provider ID are automatically populated.
  7. Click Done.
  8. Provide a Logout redirect URL if you want users to be taken to somewhere other than the Buzz login screen when they sign out.
  9. The Share SAML configuration with subdomains option allows you to let subdomains inherit this configuration, so you don't have to configure each domain individually.
    • Note: Usernames in domains that share a SAML configuration must be unique. Users with non-unique usernames cannot authenticate with Single Sign-on (SSO).
  10. Indicate if you want to Prevent users from using Buzz credentials. If you don't select this, you have the options to:
  11. Save.