Single sign-on

Azure AD SSO

Please follow the steps below to integrate Azure AD single sign-on (SSO) with the O’Reilly learning platform.

  1. Log in to the Azure AD administrator dashboard, navigate to Enterprise applications, and select New application.

    Azure AD SSO step 1
  2. Select Create your own application and enter a name that will help you identify the application, such as O’Reilly SSO. Leave the default option selected: “Integrate any other application you don’t find in the gallery (Non-gallery).” Click Create.

    Azure AD SSO step 2
  3. Select item 2: Set up single sign on.

    Azure AD SSO step 3
  4. Select SAML.

    Azure AD SSO step 4
  5. Select Upload metadata file and upload the SP metadata file provided by the O’Reilly platform integration team member you’re working with. (Here’s an example: https://safarijv.auth0.com/samlp/metadata?connection=example-oreilly.) The panel on the right will show the Entity ID, ACS URL, and Logout URL fields populated. Click Save.

    Azure AD SSO step 5
  6. In section 2: Attributes & Claims, select Edit to review and update the attributes being sent to O’Reilly. To edit an attribute mapping, simply select the row.

    Azure AD SSO step 6a
    Azure AD SSO step 6b
  7. We recommend updating the Unique User Identifier (Name ID) to send the Object ID (user.objectid) or another unchanging value. You can select the new mapping from the Source attribute dropdown, update the Name identifier format to “Persistent,” then click Save.

    Azure AD SSO step 8
  8. You can select Add new claim if you want to send additional attributes to O’Reilly. Once you’re finished updating attributes, select the “SAML-based Sign-on” link to finish the rest of the setup.

    Azure AD SSO step 8
  9. In section 3: SAML Signing Certificate, copy the App Federation Metadata URL and send it to the O’Reilly platform integration team at [email protected].

    They’ll use those details to finish the configuration on the O’Reilly side of the SSO integration.

    Azure AD SSO step 9
  10. In order to use the SSO connection, the new application must be assigned to users or groups. You can do this by selecting Users and groups on the left menu, then Add user/group. You may want to only add a test user to confirm the connection is working. Then you can add the rest of the users or groups you want to provide with O’Reilly access.

    Azure AD SSO step 10
  11. Upload the O’Reilly logo by selecting Properties in the left menu. Our logo can be downloaded here. (The best option is OReilly_logo_rgb.png.)

    Azure AD SSO step 11