Create the application in Azure AD
Go to https://aad.portal.azure.com to load the Azure Active Directory admin center
On the sidebar, under Manage, select Enterprise applications
Click on New application
On the app browser, select Create your own application
Give it a name (e.g. OnDMARC), and select Integrate any other application you don't find in the gallery
Once the app is created, let's set the app properties.
Go to https://static.ondmarc.com/marketing/icons/logo-ondmarc-95x95.png and download our OnDMARC logo.
Then, on the app sidebar, select Properties and under Logo browse for the downloaded logo. Then Save your changes.
Now, we'll set up SAML SSO. On the app sidebar, under Manage, select Single sign-on
Select SAML as the sign-on method
Use the information in this article for Step 1 of the SAML setup: https://knowledge.ondmarc.redsift.com/en/articles/3061569-saml-registration-with-marketplace-providers.
Fill in the Basic SAML Configuration as shown below, using the information from the article above, and make sure that the two tick-boxes circled on the right are ticked.
NOTE: Do not add a trailing slash at the end of any URL. Enter them exactly as shown below: Azure AD compares the Identifier and Reply URL with what OnDMARC sends as exact strings, so a stray trailing slash makes the sign-in fail with a mismatch error.
Click on Save.
It should look like the screenshot below:
Your application has now been built and branded.
Add users to your OnDMARC SAML App
Click on Users and groups as shown below and add the users and/or groups you'd like to be able to sign in to the app.
Get the metadata file
Next, get the metadata file and send it to the OnDMARC team or your dedicated Customer Success Engineer to provision SAML for your account.
From the navigation sidebar, go back to Single sign-on. In the SAML Signing Certificate section, next to Federation Metadata XML, click the Download link. Send the downloaded XML file to the OnDMARC team.
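Before you send the file, it is worth confirming that it is actually identity-provider metadata and contains what a service provider needs: the entityID, the SingleSignOnService endpoints and at least one signing certificate. The script below is an added example for this article, not OnDMARC's or Microsoft's code; it uses only the Python standard library, and the sample documents embedded at the bottom are constructed for illustration (the tenant ID and certificate bytes are placeholders, not real values). Run it as `python check_metadata.py <downloaded-file>.xml`; with no argument it checks the built-in sample.

```python
"""Sanity-check an Azure AD Federation Metadata XML file before sending it.

Added example, not part of the OnDMARC article or of any Microsoft tooling.
Standard library only. The sample documents at the bottom are constructed
for illustration: the tenant ID and certificate bytes are placeholders.
"""
import base64
import sys
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def inspect_metadata(xml_text: str) -> dict:
    """Parse IdP metadata and return the values a service provider needs.

    Raises ValueError when the file is not usable as IdP metadata, which is
    the mistake to catch before the file leaves your mailbox.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is %s, expected md:EntityDescriptor" % root.tag)
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")

    # Azure AD exports an IDPSSODescriptor; an SPSSODescriptor would mean the
    # wrong side's metadata was downloaded.
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")

    sso = {}
    for ep in idp.findall("md:SingleSignOnService", NS):
        binding, location = ep.get("Binding"), ep.get("Location")
        if not location or not location.startswith("https://"):
            raise ValueError("SingleSignOnService %s has a non-HTTPS location: %r" % (binding, location))
        sso[binding] = location
    if POST not in sso and REDIRECT not in sso:
        raise ValueError("no HTTP-POST or HTTP-Redirect SingleSignOnService endpoint")

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for signing too.
        if kd.get("use", "signing") != "signing":
            continue
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if node is None or not (node.text or "").strip():
            raise ValueError("signing KeyDescriptor without an X509Certificate")
        der = base64.b64decode("".join(node.text.split()), validate=True)
        # A DER-encoded certificate is an ASN.1 SEQUENCE, first byte 0x30.
        if der[:1] != b"\x30":
            raise ValueError("X509Certificate does not decode to DER")
        certs.append(der)
    if not certs:
        raise ValueError("no signing certificate: the SP could not verify assertions")

    return {"entity_id": entity_id, "sso": sso, "signing_certs": len(certs)}


def metadata_problem(xml_text: str):
    """Return the first problem found, or None if the metadata looks usable."""
    try:
        inspect_metadata(xml_text)
    except (ValueError, ET.ParseError) as exc:
        return str(exc)
    return None


# Constructed sample in the shape Azure AD exports; placeholder tenant and cert.
_TENANT = "00000000-0000-0000-0000-000000000000"
_FAKE_CERT = base64.b64encode(b"\x30\x82\x01\x00" + b"placeholder, not a real certificate").decode()

SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/%s/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>%s</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/%s/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/%s/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""" % (_TENANT, _FAKE_CERT, _TENANT, _TENANT)

# Constructed sample of the common mistake: service-provider metadata instead.
SAMPLE_SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example.invalid/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>
"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_IDP_METADATA
    problem = metadata_problem(text)
    print("usable" if problem is None else "problem: " + problem)
    if problem is None:
        print(inspect_metadata(text))
```

The script does not verify the certificate itself (that would need a certificate library); it only confirms the file carries a DER-encoded signing certificate, so the OnDMARC side can check assertion signatures once provisioning is done. If the check reports a missing IDPSSODescriptor, you have downloaded the wrong file; go back to the SAML Signing Certificate section and use the Federation Metadata XML link.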
Once we have provisioned SAML on our end we will let you know and you can proceed with the last step. This can take a few business days to process.
Once we've implemented it on the back end, the OnDMARC account Owner can only log on to the platform from the IdP. For other users to access the unified platform, they need to be provisioned in Azure AD (assigned to the app as above) and also invited one by one from OnDMARC via IdP access. Users then need to accept the invitation email in order to log in from the IdP side (e.g. the My Apps portal, https://myapps.microsoft.com).
Once SAML is implemented, users can only access OnDMARC from the IdP side (Azure AD); signing in to OnDMARC directly with a username and password is no longer possible.
Important: The login is no longer enforced at the account level but at the domain level.