Product Backlog Item 2455355: SaaS App Tutorial: Infinite Campus Update

Author: bhavana-129

articles/active-directory/saas-apps/infinitecampus-tutorial.md

@@ -1,5 +1,5 @@
 ---
-title: 'Tutorial: Azure Active Directory integration with Infinite Campus | Microsoft Docs'
+title: 'Tutorial: Azure Active Directory SSO integration with Infinite Campus'
 description: Learn how to configure single sign-on between Azure Active Directory and Infinite Campus.
 services: active-directory
 author: jeevansd
@@ -9,12 +9,12 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 11/21/2022
+ms.date: 03/07/2023
 ms.author: jeedes
 ---
-# Tutorial: Azure Active Directory integration with Infinite Campus
+# Tutorial: Azure Active Directory SSO integration with Infinite Campus
 
-In this tutorial, you'll learn how to integrate Infinite Campus with Azure Active Directory (Azure AD). When you integrate Infinite Campus with Azure AD, you can:
+In this tutorial, you learn how to integrate Infinite Campus with Azure Active Directory (Azure AD). When you integrate Infinite Campus with Azure AD, you can:
 
 * Control in Azure AD who has access to Infinite Campus.
 * Enable your users to be automatically signed-in to Infinite Campus with their Azure AD accounts.
@@ -57,7 +57,6 @@ To configure and test Azure AD SSO with Infinite Campus, perform the following s
     1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
     1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
 1. **[Configure Infinite Campus SSO](#configure-infinite-campus-sso)** - to configure the single sign-on settings on application side.
-    1. **[Create Infinite Campus test user](#create-infinite-campus-test-user)** - to have a counterpart of B.Simon in Infinite Campus that is linked to the Azure AD representation of user.
 1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
 ## Configure Azure AD SSO
@@ -108,43 +107,46 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ## Configure Infinite Campus SSO
 
-1. In a different web browser window, sign in to Infinite Campus as a Security Administrator.
+For detailed steps on how to configure SSO within Infinite Campus, [please follow the steps in this document](https://kb.infinitecampus.com/help/sso-service-provider-configuration#SSOServiceProviderConfiguration-EnableandConfigureSAMLSSOFunctionality).
 
-2. On the left side of menu, click **System Administration**.
+Once you have completed configuring SSO within Infinite Campus, if you would like users to be signed out their Azure SSO connection when logging out of Infinite Campus, [follow these steps](https://kb.infinitecampus.com/help/sso-service-provider-configuration#SSOServiceProviderConfiguration-AddtheInfiniteCampusLogoutURLtotheMicrosoftAzureSAMLSSOConfiguration).
 
-	![The Admin](./media/infinitecampus-tutorial/admin.png)
-
-3. Navigate to **User Security** > **SAML Management** > **SSO Service Provider Configuration**.
-
-	![The saml](./media/infinitecampus-tutorial/security.png)
-
-4. On the **SSO Service Provider Configuration** page, perform the following steps:
-
-	![The sso](./media/infinitecampus-tutorial/configuration.png)
-
-	a. Select **Enable SAML Single Sign On**.
+## Test SSO
 
-	b. Edit the **Optional Attribute Name** to contain **name**.
+In this section, you test your Azure AD single sign-on configuration with following options. 
 
-	c. On the **Select an option to retrieve Identity Provider (IDP) server data** section, select **Metadata URL**, paste the **App Federation Metadata Url** value, which you have copied from the Azure portal in the box, and then click **Sync**.
+* Click on **Test this application** in Azure portal. This will redirect to Infinite Campus Sign-on URL where you can initiate the login flow. 
 
-	d. After clicking **Sync** the values get auto-populated in **SSO Service Provider Configuration** page. These values can be verified to match the values seen in Step 4 above.
+* Go to Infinite Campus Sign-on URL directly and initiate the login flow from there.
 
-	e. Click **Save**.
+* You can use Microsoft My Apps. When you click the Infinite Campus tile in the My Apps, this will redirect to Infinite Campus Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
 
-### Create Infinite Campus test user
+## Configure Azure SSO for Non-Production Infinite Campus Environments (Sandbox, Staging)
 
-Infinite Campus has a demographics centered architecture. Please contact [Infinite Campus support team](mailto:[email protected]) to add the users in the Infinite Campus platform.
+If your district has additional Infinite Campus environments, this entire setup process must be repeated for each environment. For example, if your district has an Infinite Campus sandbox site, add the Infinite Campus app from the gallery again and complete the process while referencing the SSO Service Provider Configuration screen within your Infinite Campus sandbox site. If your district also has, for example, an Infinite Campus staging site, you will need to complete this process a third time.
 
-## Test SSO
+See Infinite Campus [documentation](https://kb.infinitecampus.com/help/sso-service-provider-configuration#sandbox/staging/non-production-environments) for more information about this process. 
 
-In this section, you test your Azure AD single sign-on configuration with following options. 
+## Replacing an Expiring SAML Certificate
 
-* Click on **Test this application** in Azure portal. This will redirect to Infinite Campus Sign-on URL where you can initiate the login flow. 
+The SAML certificate of this integration relies on which eventually need to be renewed so users can continue logging into Infinite Campus through single sign-on. For districts with proper Campus Messenger Email Settings established, Infinite Campus will send warning emails as the certificate expiration approaches. (Subject: "Action required: Your certificate is expiring.") 
 
-* Go to Infinite Campus Sign-on URL directly and initiate the login flow from there.
+These are the steps to take to replace an expiring SAML certificate: 
+1. Have your district's Microsoft Azure Active Directory admin sign in to the Azure portal.
+1.	On the left navigation pane, select the Azure Active Directory service.
+1.	Navigate to Enterprise Applications and select your Infinite Campus application set up previously. (If you have multiple Infinite Campus environments like a sandbox or staging site, you will have multiple Infinite Campus applications set up here. You will need to complete this process in each respective Infinite Campus environment for any with an expiring certificate.)
+1.	Select Single Sign-On.
+1.	Navigate to the SAML Certificate and copy the App Federation Metadata URL.
+1.	Within Infinite Campus, navigate to the SSO Service Provider Configuration tool, select the configuration, and paste the App Federation Metadata URL copied in the previous step into the Metadata URL field.
+1.	In a separate window, go back to the Azure portal. Under SAML Certificates, in the Token Signing Certificate area, select Edit.
+1.	Select New Certificate. Modify the expiration date if desired. 
+1.	Select Save. (Leave the Signing Option and Signing Algorithm as-is)
+1.	Return to the Infinite Campus window and click the Sync button next to the Metadata URL. It will say "IDP Synchronization successful". Select OK and Save.
+1.	Return to the Azure portal, still on the SAML Signing Certificate edit screen, select the three dots (...) next to the new certificate. Select Make Certificate Active and click Save.
+1.	Select the three dots next to the old certificate. Select Delete Certificate.
+1.	Return to Infinite Campus and hit the Sync button next to the Metadata URL again. It will say "IDP Synchronization successful" again. Hit OK and Save again.
 
-* You can use Microsoft My Apps. When you click the Infinite Campus tile in the My Apps, this will redirect to Infinite Campus Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
+This completes the process of replacing an expiring certificate. For additional details see Infinite Campus [documentation](https://kb.infinitecampus.com/help/sso-service-provider-configuration#SSOServiceProviderConfiguration-CertificateExpirationWarnings).
 
 ## Next steps