Configuring SAML SSO Between Mailsac and Microsoft Azure Active Directory

Before we start, ensure that you have admin rights on both Mailsac and Azure AD.

Configuring Azure AD

  1. Sign in to the Azure portal.

  2. Search for and select “Azure Active Directory”.

  3. From the left-hand menu, choose “Enterprise applications”.

    Select “Enterprise Applications” from the left-hand menu.

  4. Click “New application”.

  5. On the “Browse Azure AD Gallery” page, select “Create your own application”.

    Select “Create your own application”.

  6. In the “Add your own app” section, click on “Non-gallery application”. Enter a name for the application (for example, “Mailsac SSO”) and click “Create”.

    Click “Non-gallery application”.

  7. On the left-hand menu of your new application, click “Single sign-on”. From the single sign-on method page, click “SAML”.

    Click “Single sign-on” then “SAML”.

  8. The “Set up Single Sign-On with SAML” page appears. In the “Basic SAML Configuration” section, click “Edit” to open the settings. You’ll need to add Mailsac’s Entity ID (Identifier) and Reply URL (Assert URL), which are available on the Mailsac SAML page.

    Click “Edit” in the “Basic SAML Configuration” section then add the Entity ID and Reply URL.

  9. In the “User Attributes & Claims” section, you will need to send the Unique User Identifier (Name ID) to Mailsac. The default for this should be acceptable.

    Click “Edit” in the “User Attributes & Claims” section then add the Unique User Identifier (Name ID).

  10. In the “SAML Certificate” section, download the SAML Certificate (Base64). We’ll need this when configuring the Mailsac side of things.

    Click “Download” in the “SAML Certificate” section.

  11. In the “Set up mailsac sso” section, copy the “Login URL” and “Azure AD Identifier” values. We’ll need these when configuring the Mailsac side of things.

    Copy the “Login URL” and “Azure AD Identifier” values.

  12. In the “Users and Groups” item in the sidebar, you can add users and groups that will be able to sign in to Mailsac using Azure AD.

    Click “Users and Groups” in the sidebar.

Configuring Mailsac

  1. Sign in to Mailsac.

  2. Navigate to the Mailsac SAML page.

  3. Paste the SAML Certificate (Base64) that you downloaded from Azure AD into the “Identity Provider Certs” field.

    Paste the SAML Certificate (Base64) into the “Identity Provider Certs” field.

  4. Set “Name ID Format” to “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”.

  5. In the “Identity Provider Settings” section, paste the “Entity ID” (the “Azure AD Identifier” value copied from Azure AD) and the “Login URL” from Azure AD.

    Paste the “Entity ID” and “Login URL” from Azure AD into the “Identity Provider Settings” section.

  6. The final step is to add a sub-account user to Mailsac. Open the API Keys and Users page and click “Manage Users”. Add a user whose name is the same as their Azure AD email address.

    Click “Manage Users” and add a sub-account with the same name as their Azure AD email address.

Now, Mailsac and Azure AD should be set up for SAML SSO. Users will be able to sign in to Mailsac using their Azure AD credentials.
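
If a test sign-in fails, the values exchanged in the steps above can be compared against a base64-decoded SAMLResponse. The following is an added example, not code from Mailsac or Microsoft: the URLs, tenant ID and sample response are constructed placeholders, and `check_response` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed placeholders: use the values from your own Azure AD and Mailsac SAML pages.
EXPECTED = {
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",  # Azure AD Identifier
    "audience": "https://sp.example/saml/metadata",   # Entity ID (Identifier)
    "destination": "https://sp.example/saml/assert",  # Reply URL
}

# Constructed, unsigned and heavily trimmed sample of a base64-decoded SAMLResponse.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="{NS['a']}" Destination="{EXPECTED['destination']}">
  <saml:Assertion>
    <saml:Issuer>{EXPECTED['issuer']}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{EXPECTED['audience']}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, expected, sub_accounts):
    """List mismatches between a decoded response and the configured values.
    Configuration comparison only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    base = "a:Assertion/"
    def text(path):
        node = root.find(base + path, NS)
        return (node.text or "").strip() if node is not None else None
    problems = []
    if root.get("Destination") != expected["destination"]:
        problems.append("Destination differs from the Reply URL")
    if text("a:Issuer") != expected["issuer"]:
        problems.append("Issuer differs from the Azure AD Identifier")
    if text("a:Conditions/a:AudienceRestriction/a:Audience") != expected["audience"]:
        problems.append("Audience differs from the Entity ID")
    name_id = root.find(base + "a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID missing or not in emailAddress format")
    elif (name_id.text or "").strip() not in sub_accounts:
        problems.append("NameID has no matching sub-account")
    return problems

print(check_response(SAMPLE, EXPECTED, {"alice@example.com"}))
```

An empty list means the response agrees with the configured values; each string names the setting to recheck.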