Description


Step-by-step guide to setting up an Azure AD enterprise application as your IdP (identity provider) so that users can authenticate to the Avanan portal with SAML.


Requirements


Admin login to the MPmail Avanan MSP portal


The Process


  1. Navigate to https://aad.portal.azure.com and click Enterprise Applications in the left-hand menu.
  2. Click New application.
  3. Select Non-gallery application.
  4. Enter a name for the application and click Add.
  5. Select Set up single sign on.
  6. On the next screen, select SAML.
  7. For the Identifier, enter any unique string; you will need this value again in step 16.
  8. The next two steps take place in the Avanan portal. From the menu click Configuration → Settings, then click Configure SAML.
  9. In the Configure SAML window, copy the SSO URL.
  10. Paste the URL copied in the previous step into the Reply URL field.
  11. Enter the URL of your Avanan portal in the Sign on URL field, then click Save in the top left corner of the window.
  12. Click the edit pencil in the User Attributes and Claims box.
  13. Set the Unique User Identifier to user.mail or user.userprincipalname.
    Once the value is saved, click X in the top right corner to close this window.
    Note: If you choose user.mail, make sure the field is populated for every user who needs access; users without a mail value cannot be authenticated.
  14. Download the Federation Metadata XML file.
  15. Back in the Avanan portal's Configure SAML window, upload the metadata file.
  16. Check the Are you running Azure AD box. Under Azure AD entity ID, enter the Identifier you entered in Azure in step 7, then click Save.
  17. Back in the Azure portal, the next step is to assign users to the new application. Click Users and Groups in the menu, then click Add Users.
  18. Select the user or group you want to grant access to and click Assign.
  19. You should now be able to log in to the Avanan portal using the Login with SAML button.
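As an added example that is not part of the original guide, the script below parses the Federation Metadata XML downloaded in step 14 and reports the values the service-provider side relies on (the IdP entity ID, the SSO endpoints per binding, and the SHA-1 thumbprint of the signing certificate), so they can be compared against what the Azure portal shows before the file is uploaded in step 15. The tenant id, endpoint URLs and certificate bytes in the embedded sample are constructed placeholders, not real Azure values.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
TENANT = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant id

# Constructed stand-in for the certificate's DER bytes; not a real X.509 certificate.
SAMPLE_CERT_DER = b"constructed placeholder, not a real X.509 certificate"

# Constructed metadata in the shape Azure AD exports (entityID, signing cert, SSO endpoints).
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
      <X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sha1_thumbprint(der: bytes) -> str:
    """SHA-1 over the DER bytes, upper-case hex: the form the Azure portal lists as Thumbprint."""
    return hashlib.sha1(der).hexdigest().upper()


def parse_idp_metadata(xml_text: str) -> dict:
    """Pull the values the service provider relies on out of IdP federation metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata describes no IdP (no IDPSSODescriptor)")
    # One SSO location per binding, keyed by the short binding name (HTTP-Redirect, HTTP-POST)
    sso = {s.get("Binding").rsplit(":", 1)[-1]: s.get("Location")
           for s in idp.findall(f"{{{MD}}}SingleSignOnService")}
    certs = []
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute means signing and encryption
            for c in kd.iterfind(f"{{{DS}}}KeyInfo/{{{DS}}}X509Data/{{{DS}}}X509Certificate"):
                certs.append("".join((c.text or "").split()))  # base64 may be line-wrapped
    if not certs:
        raise ValueError("no signing certificate: SAML assertions could not be verified")
    return {"entity_id": root.get("entityID"), "sso": sso,
            "signing_thumbprints": [sha1_thumbprint(base64.b64decode(c)) for c in certs]}
```

Run it against a real download with `parse_idp_metadata(open("metadata.xml").read())` and compare the thumbprint with the one shown under the SAML Signing Certificate section in the Azure portal.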