Azure SSO Setup
After logging into your Azure portal, go to Home>Enterprise applications and create a New application
Click on Create your own application, enter the Name, and select Integrate any other application you don’t find in the gallery (Non-gallery), and click on Create
Click on Setup single sign-on -> SAML
Back in your Azure portal, search for Basic SAML Configuration, and click on Edit
Add the following URL https://uac.easydmarc.com/realms/easydmarc as seen in the screenshot below. This will then allow you to download the Metadata XML.
After doing the process above, the download button will be available make sure to download the Metadata XML and paste it in EasyDMARC's SSO portal after verifying the ownership of your domain.
From your EasyDMARC Security portal, set up your domain and confirm its ownership
Make sure to add the provided TXT record to your DNS zone. Once added, click on the Verify button.
Note: DNS propagation may take up to several hours.
Now enter the Metadata that you’ve obtained from Microsoft Azure (either downloading the XML or copying the URL)
Make sure then to Validate and Save
Important Note: In case you want to enforce SSO for all users, make sure to disable any OAuth logins by heading to Linked Accounts (Google, Microsoft, LinkedIn), and then proceed with the SSO setup.
After clicking Save, you will be prompted with both Entity ID and Assertion Consumer Service URLs
Back in your Azure portal, search for Basic SAML Configuration, and click on Edit. We will need to change the URLs now with the one provided by EasyDMARC (Entity ID and Assertion Consumer Service URLs). The previous step was only for us to download the Metadata XML.
Enter the information that you’ve obtained within your EasyDMARC portal (Entity ID & Assertion Consumer Service UR) on Azure’s Basic SAML Configuration and click on Save
IMPORTANT NOTE: For Identifier (Entity ID), make sure to just set it as https://uac.easydmarc.com/realms/easydmarc
Go to Users and Groups, and Add user/group - Make sure to add any users who should have SSO access to EasyDMARC, including the administrator user with which you are currently logged into Azure AD and it's done.
After completing the steps above, please follow the instructions below:
- Log out of your EasyDMARC account.
- Open an incognito/private browsing tab.
- Log in using the application created in your identity provider (IDP).
- You will be redirected to EasyDMARC, where you’ll see a prompt to link your account to SSO.
- Click the link to initiate the account linking process. (as shown in the First Screenshot)
- Check your inbox for an email from EasyDMARC (as shown in the Second Screenshot).
- Click the link in the email to complete the login.
EasyDMARC Supports SCIM Provisioning with Azure, Which Can Be Set up Using This Guide.
If you encounter any limitations, please reach out to our Support Team.