You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/saas-apps/infinitecampus-tutorial.md
+36-34Lines changed: 36 additions & 34 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,5 +1,5 @@
1
1
---
2
-
title: 'Tutorial: Azure Active Directory integration with Infinite Campus | Microsoft Docs'
2
+
title: 'Tutorial: Azure Active Directory SSO integration with Infinite Campus'
3
3
description: Learn how to configure single sign-on between Azure Active Directory and Infinite Campus.
4
4
services: active-directory
5
5
author: jeevansd
@@ -9,12 +9,12 @@ ms.service: active-directory
9
9
ms.subservice: saas-app-tutorial
10
10
ms.workload: identity
11
11
ms.topic: tutorial
12
-
ms.date: 11/21/2022
12
+
ms.date: 03/07/2023
13
13
ms.author: jeedes
14
14
---
15
-
# Tutorial: Azure Active Directory integration with Infinite Campus
15
+
# Tutorial: Azure Active Directory SSO integration with Infinite Campus
16
16
17
-
In this tutorial, you'll learn how to integrate Infinite Campus with Azure Active Directory (Azure AD). When you integrate Infinite Campus with Azure AD, you can:
17
+
In this tutorial, you learn how to integrate Infinite Campus with Azure Active Directory (Azure AD). When you integrate Infinite Campus with Azure AD, you can:
18
18
19
19
* Control in Azure AD who has access to Infinite Campus.
20
20
* Enable your users to be automatically signed-in to Infinite Campus with their Azure AD accounts.
@@ -45,7 +45,7 @@ To configure the integration of Infinite Campus into Azure AD, you need to add I
45
45
1. In the **Add from the gallery** section, type **Infinite Campus** in the search box.
46
46
1. Select **Infinite Campus** from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
47
47
48
-
Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, as well as walk through the SSO configuration as well. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides)
48
+
Alternatively, you can also use the [Enterprise App Configuration Wizard](https://portal.office.com/AdminPortal/home?Q=Docs#/azureadappintegration). In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, and walk through the SSO configuration as well. [Learn more about Microsoft 365 wizards.](/microsoft-365/admin/misc/azure-ad-setup-guides)
49
49
50
50
## Configure and test Azure AD SSO for Infinite Campus
51
51
@@ -57,7 +57,6 @@ To configure and test Azure AD SSO with Infinite Campus, perform the following s
57
57
1.**[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
58
58
1.**[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
59
59
1.**[Configure Infinite Campus SSO](#configure-infinite-campus-sso)** - to configure the single sign-on settings on application side.
60
-
1.**[Create Infinite Campus test user](#create-infinite-campus-test-user)** - to have a counterpart of B.Simon in Infinite Campus that is linked to the Azure AD representation of user.
61
60
1.**[Test SSO](#test-sso)** - to verify whether the configuration works.
62
61
63
62
## Configure Azure AD SSO
@@ -70,7 +69,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
4. On the Basic SAML Configuration section, perform the following steps (note that the domain will vary with Hosting Model, but the **FULLY-QUALIFIED-DOMAIN** value must match your Infinite Campus installation):
72
+
4. On the Basic SAML Configuration section, perform the following steps (note that the domain varies with Hosting Model, but the **FULLY-QUALIFIED-DOMAIN** value must match your Infinite Campus installation):
74
73
75
74
a. In the **Sign-on URL** textbox, type a URL using the following pattern: `https://<DOMAIN>.infinitecampus.com/campus/SSO/<DISTRICTNAME>/SIS`
76
75
@@ -84,7 +83,7 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
84
83
85
84
### Create an Azure AD test user
86
85
87
-
In this section, you'll create a test user in the Azure portal called B.Simon.
86
+
In this section, you create a test user in the Azure portal called B.Simon.
88
87
89
88
1. From the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
90
89
1. Select **New user** at the top of the screen.
@@ -96,55 +95,58 @@ In this section, you'll create a test user in the Azure portal called B.Simon.
96
95
97
96
### Assign the Azure AD test user
98
97
99
-
In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Infinite Campus.
98
+
In this section, you enable B.Simon to use Azure single sign-on by granting access to Infinite Campus.
100
99
101
100
1. In the Azure portal, select **Enterprise Applications**, and then select **All applications**.
102
101
1. In the applications list, select **Infinite Campus**.
103
102
1. In the app's overview page, find the **Manage** section and select **Users and groups**.
104
103
1. Select **Add user**, then select **Users and groups** in the **Add Assignment** dialog.
105
104
1. In the **Users and groups** dialog, select **B.Simon** from the Users list, then click the **Select** button at the bottom of the screen.
106
-
1. If you are expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
105
+
1. If you're expecting a role to be assigned to the users, you can select it from the **Select a role** dropdown. If no role has been set up for this app, you see "Default Access" role selected.
107
106
1. In the **Add Assignment** dialog, click the **Assign** button.
108
107
109
108
## Configure Infinite Campus SSO
110
109
111
-
1. In a different web browser window, sign in to Infinite Campus as a Security Administrator.
110
+
For detailed steps on how to configure SSO within Infinite Campus, [please follow the steps in this document](https://kb.infinitecampus.com/help/sso-service-provider-configuration#SSOServiceProviderConfiguration-EnableandConfigureSAMLSSOFunctionality).
112
111
113
-
2. On the left side of menu, click **System Administration**.
112
+
Once you have completed configuring SSO within Infinite Campus, if you would like users to be signed out their Azure SSO connection when logging out of Infinite Campus, [follow these steps](https://kb.infinitecampus.com/help/sso-service-provider-configuration#SSOServiceProviderConfiguration-AddtheInfiniteCampusLogoutURLtotheMicrosoftAzureSAMLSSOConfiguration).
b. Edit the **Optional Attribute Name** to contain **name**.
116
+
In this section, you test your Azure AD single sign-on configuration with following options.
128
117
129
-
c. On the **Select an option to retrieve Identity Provider (IDP) server data** section, select **Metadata URL**, paste the **App Federation Metadata Url** value, which you have copied from the Azure portal in the box, and then click **Sync**.
118
+
* Click on**Test this application**in Azure portal. This will redirect to Infinite Campus Sign-on URL where you can initiate the login flow.
130
119
131
-
d. After clicking **Sync** the values get auto-populated in **SSO Service Provider Configuration** page. These values can be verified to match the values seen in Step 4 above.
120
+
* Go to Infinite Campus Sign-on URL directly and initiate the login flow from there.
132
121
133
-
e. Click **Save**.
122
+
* You can use Microsoft My Apps. When you click the Infinite Campus tile in the My Apps, this will redirect to Infinite Campus Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
134
123
135
-
### Create Infinite Campus test user
124
+
##Configure Azure SSO for Non-Production Infinite Campus Environments (Sandbox, Staging)
136
125
137
-
Infinite Campus has a demographics centered architecture. Please contact [Infinite Campus support team](mailto:[email protected]) to add the users in the Infinite Campus platform.
126
+
If your district has other Infinite Campus environments, this entire setup process must be repeated for each environment. For example, if your district has an Infinite Campus sandbox site, add the Infinite Campus app from the gallery again and complete the process while referencing the SSO Service Provider Configuration screen within your Infinite Campus sandbox site. If your district also has, for example, an Infinite Campus staging site, you need to complete this process a third time.
138
127
139
-
## Test SSO
128
+
See Infinite Campus [documentation](https://kb.infinitecampus.com/help/sso-service-provider-configuration#sandbox/staging/non-production-environments) for more information about this process.
140
129
141
-
In this section, you test your Azure AD single sign-on configuration with following options.
130
+
## Replacing an Expiring SAML Certificate
142
131
143
-
* Click on **Test this application** in Azure portal. This will redirect to Infinite Campus Sign-on URL where you can initiate the login flow.
132
+
The SAML certificate of this integration relies on which eventually need to be renewed so users can continue logging into Infinite Campus through single sign-on. For districts with proper Campus Messenger Email Settings established, Infinite Campus sends warning emails as the certificate expiration approaches. (Subject: "Action required: Your certificate is expiring.")
144
133
145
-
* Go to Infinite Campus Sign-on URL directly and initiate the login flow from there.
134
+
These are the steps to take to replace an expiring SAML certificate:
135
+
1. Have your district's Microsoft Azure Active Directory admin sign-in to the Azure portal.
136
+
1. On the left navigation pane, select the Azure Active Directory service.
137
+
1. Navigate to Enterprise Applications and select your Infinite Campus application set up previously. (If you have multiple Infinite Campus environments like a sandbox or staging site, you have multiple Infinite Campus applications set up here. You need to complete this process in each respective Infinite Campus environment for any with an expiring certificate.)
138
+
1. Select Single sign-on.
139
+
1. Navigate to the SAML Certificate and copy the App Federation Metadata URL.
140
+
1. Within Infinite Campus, navigate to the SSO Service Provider Configuration tool, select the configuration, and paste the App Federation Metadata URL copied in the previous step into the Metadata URL field.
141
+
1. In a separate window, go back to the Azure portal. Under SAML Certificates, in the Token Signing Certificate area, select Edit.
142
+
1. Select New Certificate. Modify the expiration date if desired.
143
+
1. Select Save. (Leave the Signing Option and Signing Algorithm as-is)
144
+
1. Return to the Infinite Campus window and click the Sync button next to the Metadata URL. It says "IDP Synchronization successful". Select OK and Save.
145
+
1. Return to the Azure portal, still on the SAML Signing Certificate edit screen, select the three dots (...) next to the new certificate. Select Make Certificate Active and click Save.
146
+
1. Select the three dots next to the old certificate. Select Delete Certificate.
147
+
1. Return to Infinite Campus and hit the Sync button next to the Metadata URL again. It says "IDP Synchronization successful" again. Hit OK and Save again.
146
148
147
-
* You can use Microsoft My Apps. When you click the Infinite Campus tile in the My Apps, this will redirect to Infinite Campus Sign-on URL. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
149
+
This completes the process of replacing an expiring certificate. For more information, see Infinite Campus [documentation](https://kb.infinitecampus.com/help/sso-service-provider-configuration#SSOServiceProviderConfiguration-CertificateExpirationWarnings).
0 commit comments