Please Note: This article was written with the help of a current University partner who successfully configured Student and Admin SSO with 12twenty using ADFS (Azure). Please note that the steps below may not be your exact steps as each school’s configuration can vary.
12twenty & Azure
- Within Azure AD, navigate to the Enterprise Applications area in the left-hand navigation panel
- Click “+ New Application”
- Click “+ Create your own Application”
Please Note: 12twenty does not currently have an App that is searchable.
- In the slide-out menu on the right side of the screen, select “Integrate any other application you don’t find in the gallery”
a) Name it “12twenty” and hit “Create”
You will then land on the Overview tab and see a list of Properties
Please Note: “Application ID” and “Object ID” are pre-populated by Azure and do not need to be configured further.
- Within the left-hand navigation menu, click on “Single sign-on”
- Several options will appear -- select the card that says “SAML”
- Five steps will appear. You only need to focus on steps 1-3.
- In step 1, click the ‘Edit’ icon and insert our 12twenty ‘EntityID’ (https://sso.12twenty.com/sp) and our ‘Reply URL’ (https://sso.12twenty.com/Shibboleth.sso/SAML2/POST) and save your changes.
Please Note: Both of these items can also be found within our 12twenty Metadata here - https://sso.12twenty.com/Shibboleth.sso/Metadata
- In step 2, click the ‘Edit’ icon and then click ‘Add Claim’, then add the SAML attribute details (Name, NameFormat, etc.) for the SAML attribute that you’d like to pass to us (MAIL, EPPN, or UID).
Please Note:
- You can remove any default claims that already exist if you’d like, but they should not affect anything.
- You should be able to omit the ‘NameFormat’ using the “Omitted (default)” option.
Populate the following fields and save your changes:
- Name = the proper name of the SAML attributes you’re releasing to us. For example, the Name for the MAIL attribute is urn:oid:0.9.2342.19200300.100.1.3. Please refer to the SAML attribute section of this article for more information.
- Source = Attribute
- Source attribute = user.extension attribute. The extension attribute is equal to the SAML attribute that you want to release to us. For example, if you are sending ‘email address’, the extension attribute might be ‘mail’.
- In step 3, click the ‘Edit’ icon and make sure that…
Signing Option = Sign SAML Assertion (it should default to this value)
Signing Algorithm = SHA-256 (it should default to this value)
At this point the setup is complete. In Step 3 you will now see your App Federation Metadata URL that you can provide to 12twenty.
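To confirm that a test login actually carries the settings from steps 1-3, the following added example (not 12twenty's or Microsoft's code) inspects a decoded SAML response and lists any mismatch in Reply URL, EntityID, assertion signing, or the released attribute. The sample response and its email address are constructed; the script checks configuration only and does not validate the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENTITY_ID = "https://sso.12twenty.com/sp"                         # step 1
REPLY_URL = "https://sso.12twenty.com/Shibboleth.sso/SAML2/POST"  # step 1
MAIL_OID = "urn:oid:0.9.2342.19200300.100.1.3"                    # step 2 (MAIL)
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # step 3

# Constructed, trimmed sample response (not captured from a real tenant).
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}"
 xmlns:ds="{NS['ds']}" Destination="{REPLY_URL}">
<a:Assertion>
 <ds:Signature><ds:SignedInfo>
  <ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
 </ds:SignedInfo></ds:Signature>
 <a:Conditions><a:AudienceRestriction>
  <a:Audience>{ENTITY_ID}</a:Audience>
 </a:AudienceRestriction></a:Conditions>
 <a:AttributeStatement><a:Attribute Name="{MAIL_OID}">
  <a:AttributeValue>student@example.edu</a:AttributeValue>
 </a:Attribute></a:AttributeStatement>
</a:Assertion></p:Response>"""

def check_response(xml_text, attr_name=MAIL_OID):
    """Return a list of mismatches against the settings from steps 1-3."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != REPLY_URL:
        problems.append("Destination is not the 12twenty Reply URL")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion in response"]
    audiences = [e.text for e in assertion.iterfind(".//a:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append("Audience does not include the 12twenty EntityID")
    # "Sign SAML Assertion" puts the Signature inside the Assertion element.
    method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("Assertion is not signed")
    elif method.get("Algorithm") != RSA_SHA256:
        problems.append("Assertion signature is not SHA-256")
    values = [v.text for a in assertion.iterfind(".//a:Attribute", NS)
              if a.get("Name") == attr_name
              for v in a.iterfind("a:AttributeValue", NS)]
    if not any(values):
        problems.append(f"no value released for attribute {attr_name}")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE) or "response matches steps 1-3")
```

Feed it the base64-decoded SAMLResponse from a test login; an empty list means the response matches what was configured above.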