Step-by-step guide to setting up an Azure app as your IDP (identity provider) to allow SAML authentication.
Admin login to the MPmail Avanan MSP portal
- Navigate to https://aad.portal.azure.com and click Enterprise Applications from the left hand menu
- Select non-gallery application
- Enter a name for the Application and click add
- Select set up single sign on
- On the next screen select SAML
- For the Identifier, enter any unique string, this will be used later
- The two steps are from the Avanan portal. From the menu click Configuration → Settings, then click Configure SAML
- In the Configure SAML window copy the SSO URL
- Paste the URL copied in the previous step, into the Reply URL field
- Place the URL for your Avanan portal in the sign-on URL field and then click save in the top left corner of the window
- Click the edit pencil in the User Attributes and Claims box
- Set the unique user identifier to user.mail or user.userprinciplename.
Once the value is saved click X in the top right corner to close this window.
Note: When choosing user.mail make sure the field is populated for all relevant users, otherwise it will be impossible to authenticate users.
- Download the Federation Metadata XML File
- Back in the Avanan portal Configure SAML window, upload the metadata file:
- Check off the Are you running Azure AD box. Under the Azure AD entity ID, input the Identifier you entered in Azure from step 7 then click save
- Back in the Azure portal, the next step is to assign users to this new application. Click users and Groups from the menu and then click Add Users
- Select the User or Group you want to grant access and click Assign
- You should now be able to login to the Avanan portal using the Login with SAML button