How to Configure Single Sign-On (SSO) with Microsoft Azure Active Directory?

Single Sign-On Microsoft Azure Active Directory

We will go over how to configure SAML-based Single Sign-On (SSO) with Microsoft Azure Active Directory in this post.

If you use Okta for SSO, refer to: How to Configure Single Sign-On (SSO) with Okta.

If you use Google for SSO, refer to: How to Configure Single Sign-On (SSO) with Google.

Create an enterprise application in Azure Active Directory

First, we need to create an enterprise application on Azure portal.

Log in to the portal, go to Azure Active Directory->Enterprise Applications->New application->Create your own application, enter DMARCLY as the name of the app, also make sure the "Integrate any other application you don't find in the gallery (Non-gallery)" option is selected, then hit Create, as illustrated below:

create-non-gallery-enterprise-application

It may take Azure a while to create that application. Once the enterprise application is created, it will redirect to the Overview page of the application. If it's not the case, you need to navigate to the application list, and manually click on that application.

Configure the enterprise application for SSO

On the Overview page, click on Get started on the Set up single sign on card, as highlighted in red below:

set-up-single-sign-on

Then it will display the SSO with SAML settings page.

Now you need to fill in Entity ID and Assertion Consumer Service URL on the Basic SAML Configuration card. Click on Edit on that card to reveal the Basic SAML Configuration modal:

basic-saml-configuration

You need to grab Service Provider Entity ID and Assertion Consumer Service URL from the DMARCLY dashboard. Log in to DMARCLY, go to System->Single Sign-On (SSO), toggle on the Enable Single Sign-On switch, and choose Azure AD as the Identity Provider:

enable-sso

then copy these 2 values from there and paste them in the Azure portal input boxes one by one. Then hit Save.

Once done, it should look like this:

single-sign-on-with-saml-settings

Note: if you are in the EU zone, please make sure that both Service Provider Entity ID and Assertion Consumer Service URL start with https://eu.dmarcly.com, instead of https://dmarcly.com.

Now scroll down to the SAML Certificates card on Azure portal, copy the App Federation Metadata Url value:

app-federation-metadata-url

switch back to the DMARCLY dashboard, paste it in the IdP Metadata Url field:

idp-metadata-url

then hit Update SSO.

Assign users to the enterprise application

Before a user in your tenant can use the application, you must assign the user to it. Go to Azure Active Directory->Enterprise applications, click on the application to show its page, click on Users and groups, then click on Add user/group:

add-user-group

to open the Add Assignment page:

add-assignment

click on the Users row and follow the instructions to add the users. Then click on Assign.

Create users in DMARCLY

To log in via SSO, in addition to a corresponding user account in Azure AD, a user must have an account in DMARCLY.

To create a user account in DMARCLY, log in to the dashboard, go to Users->Add User, enter the user email address and the other fields on the page, then click on Save User.

Log in via SSO

Now that you are done with the configuration, you can log in via SSO.

If you are a non-EU user, navigate to https://dmarcly.com/login-sso, otherwise navigate to https://eu.dmarcly.com/login-sso.

Now enter your account email with DMARCLY, then you will be redirected to the Azure AD login screen:

azure-ad-login

enter your credentials with Azure AD. Once authenticated, you will be redirected to the DMARCLY dashboard.

IdP-initiated SSO

You can also access DMARCLY directly from Microsoft. To do so, navigate to: https://myapps.microsoft.com, enter your credentials to log in, go to My Apps and you will see a list of applications created in Azure AD within your tenant.

my-apps

If you followed the steps above in this article, you will see the DMARCLY logo appear on that list. Simply click on the logo and you will be redirected to the DMARCLY dashboard.

Enforce SSO

You can enforce SSO so that all users must log in via SSO. That is, direct login will be disabled.

To enforce SSO, turn on the Enforce SSO checkbox in System->Single Sign-On (SSO) in the DMARCLY dashboard:

enforce-sso

then click on Update SSO.

Now log out of your DMARCLY dashboard, and try to log in again on the direct login page, you will see some warning like this:

requires-sso-warning

Simply click on the SSO link to proceed with SSO login.

Article précédent Article suivant

 Protect Business Email & Improve Email Deliverability

Get a 14 day trial. No credit card required.

Create Account