How to set up iHasco SSO with Azure AD

Modified on Thu, 15 Feb 2024 at 02:34 PM

Supported Features

The Azure Active Directory (AD) / iHASCO Single Sign-On (SSO) integration currently supports the following features:

SP-initiated SAML2
SP-initiated Single Logout
Just In Time (JIT) Provisioning

Overview

You will need:

Access to the SSO feature within the iHasco LMS. Tell your iHasco account manager that you want to use SSO and they will enable it.
Your unique iHasco URL key. This is the last part of your Training URL. For example, if your URL is app.ihasco.co.uk/voovavoo, then your URL key is voovavoo. Your Training URL is shown on the home screen when you sign in to the LMS at https://app.ihasco.co.uk/client/login.

What you need to do:

Add the iHasco Training app to your Azure AD.
Create the Identity provider(IDP) details in iHasco Atlas LMS.
Set the Registration method to use your IDP in iHasco Atlas LMS.
Test SSO with iHasco Training using your Azure AD.

Add the iHasco Training app to your Azure AD

Sign in to your Azure AD account.
Click Enterprise Applications then click New application.
Search for iHasco.
Click the iHASCO Training tile.
Click Create.
Click Set up single sign on.
Click SAML.
Change the Basic SAML Configuration with the following information:

Note Remember to substitute your URL key for {url_key}
Click Save.

Azure AD SSO Basic SAML Config	Value
Identifier (Entity ID)	https://authentication.ihasco.co.uk/saml2/{url_key}/metadata
Reply URL (Assertion Consumer Service URL)	https://authentication.ihasco.co.uk/saml2/{url_key}/acs
Sign on URL	https://app.ihasco.co.uk/{url_key}
Relay State	Leave empty
Logout Url	https://authentication.ihasco.co.uk/saml2/{url_key}/sls

Create the Identity provider details in iHasco LMS

Note You need to sign in to your Azure AD account during this process because you need to copy and download Azure Identity provider details into your iHASCO LMS.

Sign in to iHasco Atlas LMS as an administrator at https://app.ihasco.co.uk/client/login.
Click Settings.
Scroll down to the Advanced card and click Single Sign On.
Click Add Provider and select SAML2.
Type your name for this provider in Description.
Scroll to find IDENTITY PROVIDER DETAILS.
Copy and paste the values in the following fields from Azure AD to iHASCO:
Download, copy and paste the Signing Certificate from Azure AD to iHASCO:
Scroll to find USER ATTRIBUTE MAPPING.
Copy and paste the following addresses:
Click Save.
Click Enable now.

Copy from Azure AD SSO: 4 Set up iHasco Training	Paste to iHascoLMS SSO: IDENTITY PROVIDER DETAILS	Required
Login URL	Single Sign-on URL	Yes
Logout URL	Single Logout URL	Optional
Azure AD Identifier	Entity ID	Yes

Copy from Azure AD SSO 3 SAML Signing Certificate	Paste to iHasco LMS SSO IDENTITY PROVIDER DETAILS
Find Certificate(Base64) and click Download
Open the file in a text editor and copy all the contents
	Find X509 (Public) Certificate
	Paste the file contents into the box

Email address	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
First name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Last name	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Set the Registration method in iHasco LMS

Click Settings.
Scroll down to the Advanced card and click Security.
Find Registration Method and select Single Sign On Provider.
Choose your new provider as the Selected Provider.
Click Save changes.

Azure AD / iHasco SSO set up is now complete.

Test SSO using Azure AD

Note Remember to add users to the iHascoTraining application in Azure AD before testing and sign out of any iHASCO administrator accounts before testing.

From your Azure AD account, find 5 Test single sign-on with iHasco Training.
Click Test.

If the test is successful, you will be signed in and taken to the iHasco My Learning screen (or to the iHasco Atlas LMS if testing with a pre-registered admin account).