Hello there!

Need Help? We are right here!

miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

Thinkific SSO using AzureAD as IDP


miniOrange's Thinkific SSO solution lets you enable secure and seamless SSO for Thinkific using Azure AD as your active directory. Users can authenticate themselves using their existing credentials which are stored in Azure AD and log in to Thinkific using the Single Sign-On (SSO) solution provided by miniOrange. The solution is easy to setup and configure and it can be deployed within minutes.

Connect with External Source of Users


miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more.



Prerequisites

  • Login into miniOrange Admin Console.
  • Click on Customization in the left menu of the dashboard.
  • In Basic Settings, set your company domain in Organization Name textfield.
  • Click Save. Once that is set, the branded login URL would be of the format https://<company_domain>.xecurify.com/moas/login
  • 2FA Two-Factor authentication for  : setting up branding

    Obtain the following information from Thinkific.

  • Login to your Thinkific, go to Settings. Click on Code & analytics.
  • Navigate to API.
  • Thinkific Single Sign-On (SSO): API and subdomain

  • You can find the API Key ( Shared Secret ) and Subdomain here.
  • Also, Obtain the Subdomain from here.
  • JWT Endpoint URL: Example : https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt=

Follow the step-by-step Guide given below for Thinkific Single Sign-On (SSO) using Azure AD as IDP

1. Configure AzureAD as IDP


1.a. Configuring miniOrange as Service Provider (SP) in Azure AD

  • Log in to Azure AD Portal.
  • Select Azure Active DirectoryEnterprise Applications.
  • azure ad sso Enterprise Applications

  • Click on New Application.

  • azure ad sso New Application

  • Click on Non-gallery application section and enter the name for your app and click on Add button.
  • azure ad sso Non-gallery application

  • Click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.
  • azure ad sso Single sign-on

  • Go to miniOrange Dashboard in the left navigation menu. Click on Add External IdP.
  • azure ad add external IDP

  • Now click on the Click here link to get miniorange metadata as shown in Screen below.
  • azure ad get miniorange metadata

  • Here you will see 2 options, if you are going to initiate SSO from the Application copy the metadata details related to miniOrange from the SP - Initiated SSO section otherwise go for the metadata details from the IDP - Initiated section.
  • azure ad SPintiatedMetadata

  • For Basic SAML configuration you need to get the Entity ID, ACS URL, and the Single Logout URL from miniOrange. You will be able to find the necessary details here.
  • azure ad saml configuration

  • Enter the values in basic SAML configuration as shown in below screen
  • Identifier (Entity ID) Entity ID or Issuer copied from the miniOrange metadata section mentioned in the previous step.
    Reply URL (Assertion Consumer Service URL) ACS URL copied from the miniOrange metadata section mentioned in the previous step.
    Logout URL Single Logout URL copied from the miniOrange metadata section mentioned in the previous step.

  • By default, the following Attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the Attributes tab.

  • azure ad sso Attributes tab

  • Download Federation Metadata xml, and copy the Logout URL as well. This will be used while configuring the Azure AD as IDP in Step 1.b.


1.b. User/Group Assignment

  • Assign users and groups to your SAML application.
  • As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted access to the user. Users may be granted access directly, or through group membership.
  • Click on Users and groups from the applications left-hand navigation menu. The next screen presents the options for assigning the users/groups to the application.
  • azure ad sso-13

  • After clicking on Add user, Select Users and groups in the Add Assignment screen.
  • The next screen presents the option for selecting user or invite an external user. Select the appropriate user and click on the Select button.
  • azure ad sso selecting user or invite an external user

  • Here, you can also assign a role to this user under Select Role section. Finally, click on Assign button to assign that user or group to the SAML application.
  • azure ad sso SAML application

1.c. Configure Azure AD as Identity Provider (IDP) in miniOrange

  • Go to miniOrange Admin Console.
  • From the left navigation bar select Identity Provider
  • Click on Add Identity Provider button.


  • azure ad Identity Provider

  • Select SAML. Click on Import IDP metadata.
  • azure ad Import IDP metadata

  • Choose appropriate IDP name. Browse for the file downloaded in step 1.a.
  • Click on Import.
  • azure ad Import

  • As shown below the, IDP Entity ID, SAML SSO Login URL and x.509 Certificate will be auto filled via the imported metadata file. You can also enter the Logout URL copied from Azure AD in the Single Logout URL field.
  • SAML SSO Login URL and x.509 Certificate

  • Few other optional features that can be enabled are listed below:
  • Domain Mapping Enable to redirect domain specific user to a specific IDP
    Show IdP to Users Enable this option if you wish to show this IDP as a button on the login page. Eg : Login with Azure AD.
    Send Configured Attributes Enable this option if you wish to send user attributes from the IDP to WebFlow while SSO.
  • Click on Save.

1.d. Test IDP Connection

  • Go to Identity Providers tab.
  • Click on Select>>Test Connection option against the Identity Provider you configured.
  • azure AD IDPTestConnection


    azure AD login

  • On entering valid Azure Ad credentials you will see a pop-up window which as shown in below screen.
  • SucessTestConn AZure AD IDP

  • Hence your configuration of Azure AD as IDP in miniOrange is successsfully completed.

2. Setup Thinkific as SP

  • Login to miniOrange Admin Console.
  • Go to Apps Click on Add Application button.
  • Thinkific Single Sign-On (SSO) add app

  • Select JWT App.Click on Thinkific.
  • Thinkific Single Sign-On (SSO): saml jwt app

    Thinkific Single Sign-On (SSO): saml jwt app

    Thinkific Single Sign-On (SSO): add jwt app

  • In Add Apps tab enter the values and click on Save.
    Custom Application Name Choose appropriate name according to your choice.
    Description Add appropriate description according to your choice.
    Redirect-URL https://{Subdomain}.thinkific.com/api/sso/v2/sso/jwt?jwt=
  • To configure App secret go to Edit against your configured app, Apps>>Select your app>>Edit
  • Thinkific Single Sign-On (SSO): edit-jwt-app

    Thinkific Single Sign-On (SSO): edit-jwt-app

    App Secret The API key fetched from Thinkific dashboard
    Signature Algorithm Choose HS256
  • Click on Save
  • Now, You can access Thinkific Account Using IDP credentials through the Single-sign-on URL as shown in image above.

3. Test SSO Configuration


  • Login to your Thinkific account.
  • On the Dashboard, Click on Desgin your site-> Theme library option.
  • thinkific Single Sign-On (SSO)desgin site

  • Click on Three Dots as shown in the below image and select EDIT CODE option from dropdown.
  • thinkific Single Sign-On (SSO) edit-code

  • Now, click on the Snippets link and search for meta_tag option and click on it.
  • thinkific Single Sign-On (SSO) snippets

  • Add Single Sign-On URL in the below format as shown in the image, (you will get this url from step 1) and click on Save button.
  • thinkific Single Sign-On (SSO) url

    thinkific Single Sign-On (SSO) login

  • Go to your Thinkific URL, click on SIGN IN button which will redirect you to miniOrange IdP Sign On Page.
  • Thinkific Single Sign-On (SSO): miniOrange Login

  • On accessing the Single sign-On URL, you will be asked for Azure AD credentials.
  • azure AD login
  • On entering the valid credentials, you will be successfully logged into Thinkific.
  • Thinkific Single Sign-On (SSO): Thinkific Login

  • Log into myapplications.microsoft.com using your credentials.
  • Search for the app which you created earlier.
  • IDP app

  • You will be successfully logged into Thinkific.
  • Thinkific Single Sign-On (SSO): Thinkific Login



Want To Schedule A Demo?

Request a Demo
  


Our Other Identity & Access Management Products