Create the application in Azure AD
Go to https://aad.portal.azure.com to load the Azure Active Directory admin center
On the sidebar, under Manage, select Enterprise applications
Click on New application
On the app browser, select Create your own application
Give it a name (e.g. OnDMARC), and select Integrate any other application you don't find in the gallery
Once the app is created, let's set the app properties.
Go to https://static.ondmarc.com/marketing/icons/logo-ondmarc-95x95.png and download our OnDMARC logo.
Then, on the app side bar, select Properties and under Logo browse for the downloaded logo. Then Save your changes.
Now, we'll set up SAML SSO. On the app sidebar, under Manage, select Single sign-on
Select SAML as the sign-on method
Use the information in this article for Step 1 of the SAML setup: https://knowledge.ondmarc.redsift.com/en/articles/3061569-saml-registration-with-marketplace-providers.
Fill in the Basic SAML Configuration as shown below, using the information from the article above, and make sure that the two tick-boxes circled on the right are ticked.
NOTE: Do not add a trailing slash at the end of the URLs. Enter them exactly as shown below.
Click on Save.
It should look like the screenshot below:
Copiable text:
http://app.ondmarc.com
https://sso.redsift.cloud/organizations/ondmarc/saml
Your application has now been built and branded.
Add users to your OnDMARC SAML App
Click on Users and groups as shown below and add the users and/or groups you'd like to be able to sign in to the app.
Get the metadata file
Next, get the metadata file and send it to the OnDMARC team or your dedicated Customer Success Engineer to provision SAML for your account.
From the navigation sidebar, go back to Single sign-on. In the SAML Signing Certificate section, next to Federation Metadata XML, click the Download link. Send the downloaded XML file to the OnDMARC team.
Once we have provisioned SAML on our end we will let you know and you can proceed with the last step. This can take a few business days to process.
Once we've implemented it on the back end, any user (including the owner) can only log in to the Platform from the IdP app you created.
If you want to invite other users to access the unified platform, they will need to be invited from the OnDMARC profile screen, and once they've accepted the invite, they log in via the IdP app. For more details, visit this KB article.
Note: SAML is no longer enforced at the account level but at the domain level, so if you want to keep an "Emergency - Break Glass" account, you must add a user from outside your domain.