Skip to main content

SAML with Microsoft Entra ID (fka Microsoft Azure AD)

Updated

The Infobase Platform offers the ability to connect your Microsoft Entra ID for authentication. For more about the Entra ID, see Microsoft's site here.

Infobase resources are federated in the UK Federation, InCommon, and EduGAIN. The following instructions are for IdPs that are not federated.

Please note that user provisioning and rostering is not currently supported. The connection works via domain match and will not create a new user in the Infobase system or log a user into their existing personal account.

This integration uses an OpenAthens connector, but you do not need an OpenAthens account to set this up. For more on their technical requirements for SAML, see this page of the OpenAthens Help Center.
 

Setting up the Microsoft Entra ID SAML connection:

  1. Create a new SAML instance

     

  2. Upload our metadata XML file, or use the following information to create the connection manually: 

    SP Metadata URL:  https://sp.openathens.net/metadata-sp/credoreference.com/235ba2cc-44a1-44fa-a9a3-e9a434dd2930?hostedLogos=false

    SP Entity ID:  https://search.credoreference.com/oa/entity

     Some services may also require an SP Assertion Consumer Service URL: https://connect.openathens.net/credoreference.com/235ba2cc-44a1-44fa-a9a3-e9a434dd2930/auth/rcv/saml2/post

     

  3. Create a custom attribute to release the eduPersonScopedAffiliation role with a specific name: 

    urn:oid:1.3.6.1.4.1.5923.1.1.1.9

    This attribute specifies the person's affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc. Example values of this attribute are: staff@abccollege.edu, student@abccollege.edu. The part before the @ signifies the affiliation of the user within the domain. The part after the @ can be the domain name. The full set of expected values in this attribute need to be shared with Infobase to complete SAML setup on the account.

     

  4. Share your metadata URL and entity ID with Infobase (productsupport@infobase.com) or use this custom Google form to send us the information. Once the connection is complete on our side, we will send you back an Infobase URL with account ID to test with., 
     

Common errors:

If you see the following message, please have your technical team review this Microsoft Help Page.

"Sorry, but we’re having trouble signing you in.
AADSTS50105: Your administrator has configured the application Infobase (CredoReference) to block users unless they are specifically granted ('assigned') access to the application. The signed in user '[patron email]' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator. Please contact your administrator to assign access to this application."

Related to

Related articles

Powered by Zendesk