- Review client’s Microsoft Azure AD configuration (tenant, domain, user provisioning policies).
- Define integration requirements: authentication flow, Single Sign-On (SSO), and user account mapping.
- Configure Koha ILS server to support SAML 2.0 authentication.
- Backup Koha ILS configuration and database prior to integration.
- Register Koha ILS as an Enterprise Application in Azure AD.
- Configure SAML 2.0 settings (Entity ID, Reply URL, Logout URL, etc.).
- Generate and apply X.509 certificate for secure assertion signing.
- Map Azure AD user attributes (e.g., mail, givenName, sn, employeeID) to Koha patron fields.
- Configure Identity Provider (IdP) metadata from Azure AD.
- Implement user attribute mapping to match Azure AD fields with Koha patron records.
- Set up role-based access (e.g., mapping staff/admin users from Azure AD groups).
- Configure fallback authentication (local Koha admin login in case of AD outage).
- Testing & Validation
- 12-months technical support and maintenance services.
