Cloud Streaming - Azure Active Directory SAML V2 Setup Guide

Use the SAML Service Provider Metadata XML file provided by Swank to import our configuration into your SAML Provider. You can download the file here.

Step 1 – Configure Azure AD Enterprise Application

Create Enterprise Application

1. Sign into the Azure Portal
2. Navigate to Enterprise Applications
3. Select New Application
   • If you do not see "Non-gallery application" and do see this prompt:
     
     Click the prompt to switch back to the old gallery experience.
4. Select Non-gallery application
5. Enter your application name ( “digitalcampus.swankmp.net” ) and Click Add.
6. On Properties, Select “Set up Single sign on”
   
7. Select SAML
   
8. Select Upload metadata file
   
9. Use the Digital Campus ServiceProviderMetadata.xml file which can be downloaded from here then click Add.   This imports the following:
   • Identifier (Entity ID)
   • Reply URL (Assertion Consumer Service URL)
   • Logout Url
   • SAML Signing Certificates
10. Confirm Basic Settings
    
11. Edit SAML Signing Certificate and change Signing Option to “Sign SAML response and assertion”.
    • 
    • 
12. Download Federation Metadata XML File.  This file will be used in the SAML setup of Digital Campus Portal
    
13. Click Save.

Assign Application Access

1. Select Users and Groups add Test Users or Groups
   • 
2. Select appropriate users and click Assign.   These will be authorized users for the application.

Configure Attributes & Claims

1. Select Single sign-on.
   • 
2. Click the Edit button for "Attributes & Claims".
   1. Required SAML attributes follow but should be renamed to the urn:oid standard. Renaming the attributes to the urn:oid standard will allow the Swank streaming portal to identify the attribute and auto populate these required fields for instructor/admin accounts.
      • user.givenname --> urn:oid:2.5.4.42
      • user.surname--> urn:oid:2.5.4.4
      • user.mail --> urn:oid:0.9.2342.19200300.100.1.3
   2. When renaming in Azure, the urn:oid should go in the Name field and the Namespace should be left blank as shown here:
      •  
      • 

​​
Add a Group Claim

You may want to return a group claim to help you identify a specific user group that will need an elevated role on the streaming portal. Steps below provide basic guidance, but please refer to Microsoft documentation/support for the most up to date information.

1. Click "Add a group claim"
   • 
2. From here you can select All Groups to return all of the groups the user attempting to authenticate belongs to.     
   • You can then select the appropriate Source Attribute value to return (Group ID, sAMAccountName, etc.)
     • Note: sAMAccountName - This source attribute only works for groups synchronized from an on-premises Active Directory using Microsoft Entra Connect Sync 1.2.70.0 or above.
     • 
3. Then click Save.
4. The Group values should return with this attribute name:
   • "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
   • 
   • The Id returned is the Object Id of the Group defined in Azure AD:
     • 

Step 2 – Configure Digital Campus SAML Authentication

1. Refer to the following article to continue setup in the Swank Cloud Streaming Admin:
   Configuring Swank Cloud Streaming SAML Authentication

If you are having issues authenticating after your configuration is complete, please refer to the following guide: Cloud Streaming - Azure SAML V2 Troubleshooting – Swank Motion Pictures, Inc.