Description


Federated Login enables your client’s users to use a single authentication token to access their MPaware portal synced with their Microsoft 365, Okta, or Google accounts.


Requirements

  • A licensed MPaware customer


The Process for Microsoft 365


Please note that the numbers listed are sequential, but not consecutive. Some numbers have been excluded because those steps are not required.


In your M365 Identity Admin Centre

Select “App Registrations”
Select “New registration”



Enter a name for the application (for example, “prodportal”)
Return to your PII Protect portal page and locate the Redirect URL. Click the “Copy” button.
Return to the Azure Admin Center and paste this URL into the “Redirect URL” section.
Click “Register”



Select “Add an Application ID URI”
Click “Set”
Return to your PII Protect portal page and locate the Application ID URL. Click the “Copy” button.
Return to the Azure Admin Center and paste this URL into the “Set the App ID URL” section.
Click “Save”



Select “Token configuration”
Select “Add optional claim”
Select “SAML”



Select “email”
Click “Add”
Select “Turn on the Microsoft Graph email permission (required for claims to appear in token)”
Click “Add”


Select “Overview”
Select “Endpoints”
Copy link under “Federation metadata document”



Return to the MPaware Portal for the final steps.


Paste in the “Metadata URL” you’ve copied from the Azure Admin Center.
Click the “Save” button

Important! If using Microsoft 365, you need to provide consent for the Federated Login application to be enforced across the account.
Log out of the Portal and log back into the Portal with a user account that is registered within the client that Federated Login was configured for
A “Permissions requested” notification should appear from Microsoft
Select/Check the option for “Consent on behalf of your organization”
Click the “Accept” button
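
Before saving the “Metadata URL”, it is worth checking that the link copied from “Federation metadata document” belongs to the intended tenant and describes a usable SAML identity provider. The script below is an added example, not part of the original article or of MPaware. It assumes the commercial Microsoft cloud (login.microsoftonline.com); the tenant ID, the sample XML and the function name check_metadata are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
TENANT = "00000000-0000-0000-0000-000000000000"  # constructed placeholder tenant ID
# Constructed sample, trimmed to the elements this check reads.
SAMPLE_URL = f"https://login.microsoftonline.com/{TENANT}/federationmetadata/2007-06/federationmetadata.xml"
SAMPLE_XML = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_metadata(url, xml_text):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    u = urlparse(url)
    if u.scheme != "https" or u.hostname != "login.microsoftonline.com":
        problems.append("metadata URL is not on https://login.microsoftonline.com")
    m = re.match(r"/([0-9a-fA-F-]{36})/federationmetadata/", u.path)
    tenant = m.group(1).lower() if m else None
    if tenant is None:
        problems.append("no tenant GUID in metadata URL path")
    if "<!DOCTYPE" in xml_text:  # refuse DTDs before handing text to the parser
        return problems + ["metadata contains a DOCTYPE"]
    root = ET.fromstring(xml_text)
    if tenant and tenant not in root.get("entityID", "").lower():
        problems.append("entityID does not name the tenant from the URL")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no SAML 2.0 IDPSSODescriptor"]
    if not idp.findall("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS):
        problems.append("no signing certificate")
    for sso in idp.findall("md:SingleSignOnService", NS):
        if urlparse(sso.get("Location", "")).scheme != "https":
            problems.append("SSO endpoint is not HTTPS")
    return problems

if __name__ == "__main__":
    print(check_metadata(SAMPLE_URL, SAMPLE_XML) or "metadata checks passed")
```

To check a real tenant, download the metadata document in a browser and pass the copied link and the file's contents to check_metadata.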