Configuring SAML SSO Between Mailsac and Microsoft Entra

Before we start, ensure that you have admin rights on both Mailsac and Microsoft Entra.

Configuring Microsoft Entra

  1. Sign in to the Entra Admin Center at Entra Admin Center.

  2. From the left-hand menu, choose “Enterprise apps”.

    ../../../../_images/enterprise_applications_sidebar.png

    Select “Enterprise Apps” from the left-hand menu.

  3. Click “New application”.

    ../../../../_images/new_application.png

    Click “New application”.

  4. In the section page titled “Browse Microsoft Entra Gallery” select “Create your own application”.

    ../../../../_images/create_your_own_application.png

    Select “Create your own application”.

  5. In the “Add your own app” section, click on “Non-gallery application”. Enter a name for the application (for example, “Mailsac SSO”) and click “Create”.

    ../../../../_images/name_of_application.png

    Click “Non-gallery application”.

  6. On the left-hand menu of your new application, click “Single sign-on”. From the single sign-on method page, click “SAML”.

    ../../../../_images/sso_saml_method.png

    Click “Single sign-on” then “SAML”.

  7. The “Set up Single Sign-On with SAML” page appears. In the “Basic SAML Configuration” section, click “Edit” to open the settings. You’ll need to add Mailsac’s Entity ID (Identifier) and Reply URL (Assert URL), which are available on the Mailsac SAML page.

    ../../../../_images/basic_saml_configuration.png

    Click “Edit” in the “Basic SAML Configuration” section then add the Entity ID and Reply URL.

  8. In the “Attributes & Claims” section, you will need to send the Unique User Identifier (Name ID) to Mailsac. The default for this should be acceptable.

    ../../../../_images/user_attributes_and_claims.png

    Click “Edit” in the “Attributes & Claims” section then add the Unique User Identifier (Name ID).

  9. In the “SAML Certificate” section, download the SAML Certificate (Base64). We’ll need this when configuring the Mailsac side of things.

    ../../../../_images/saml_certificate.png

    Click “Download” in the “SAML Certificate” section.

#. In the “Set up {Your Enterprise Application Name}” section, copy the “Login URL” and “Microsoft Entra Identifier” values. We’ll need these when configuring the Mailsac to work with Entra.

../../../../_images/setup_mailsac_sso.png

Copy the “Login URL” and “Microsoft Entra Identifier” values.

  1. In the “Users and Groups” item in the sidebar, you can add users and groups that will be able to sign in to Mailsac using Azure AD.

    ../../../../_images/users_and_groups.png

    Click “Users and Groups” in the sidebar.

Configuring Mailsac

  1. Sign in to Mailsac.

  2. Navigate to the Mailsac SAML page.

  3. Copy and paste the SAML Certificate (Base64), that you downloaded from Azure AD, into the “Identity Provider Certs” field.

    ../../../../_images/identity_provider_certs.png

    Paste the SAML Certificate (Base64) into the “Identity Provider Certs” field.

  4. Set “Name ID Format” to “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”.

    ../../../../_images/name_id_format.png

    Set “Name ID Format” to “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”.

  5. In the “Identity Provider Settings”, paste the “Entity ID” and “Login URL” from Microsoft Entra.

    ../../../../_images/identity_provider_settings.png

    Paste the “Entity ID” and “Login URL” from Microsoft Entra into the “Identity Provider Settings” section.

  6. The final step is to add a team user to Mailsac. Open the API Keys and Users page and click “Manage Users”. Add a user with the same name as their Azure AD email address.

    ../../../../_images/add_sub_account.png

    Click “Manage Users” and add a team user with the same name as their Microsoft Entra email address.

Now, Mailsac and Entra should be set up for SAML SSO. Users will be able to sign in to Mailsac using their Microsoft Entra credentials.