Create the application in Azure AD

Load the Azure Active Directory admin center

On the sidebar, under Manage, select Enterprise applications

Click on New application

On the app browser, select Create your own application

Give it a name (e.g. OnDMARC), and select Integrate any other application you don't find in the gallery

Once the app is created, let's set the app properties.

Then, on the app sidebar, select Properties and, under Logo, browse for the downloaded logo. Then Save your changes.

Now, we'll set up SAML SSO. On the app sidebar, under Manage, select Single sign-on

Select SAML as the sign-on method

Use the information in this article for Step 1 of the SAML setup:

Fill in the Basic SAML Configuration as shown below, using the information from the article earlier, and make sure that the two tick-boxes circled on the right are ticked.

NOTE: Do not add a trailing slash at the end of the URLs. Create them exactly as shown below.

Click on Save.

It should look like the screenshot below:

Your application has now been built and branded.

Add users to your OnDMARC SAML App

Click on Users and groups as shown below and add the users and/or groups you'd like to be able to sign on to the app.

Get the metadata file

Next, get the metadata file and send it to the OnDMARC team or your dedicated Customer Success Engineer to provision SAML for your account.

From the navigation sidebar, go back to Single sign-on. In the SAML Signing Certificate section, next to Federation Metadata XML, click the Download link. Send the downloaded XML file to the OnDMARC team.

Once we have provisioned SAML on our end we will let you know and you can proceed with the last step. This can take a few business days to process.

Once we've implemented it on the back end, any user (including the owner) can only log in to the Platform from the IdP app created.

If you want to invite other users to access the unified platform, they will need to be invited from the OnDMARC profile screen and, once they've accepted the invite, log in via the IdP app. For more details, visit this KB article.


Note: SAML is no longer enforced at the Account Level but at the Domain Level, so if you want to have an "Emergency - Break Glass" account, you must add a user outside of your domain.