Set up in Azure Active Directory admin center
1. Log in to Office 365 and navigate to Admin centers. You need to be an admin to see this page.
2. Under Admin centers choose Azure Active Directory.
3. Go to Azure Active Directory.
4. Go to Custom domain names to check if you have added and verified your domain name.
5. The domain used and verified on AppsCo should be the same as the domain used in Azure.
6. In order to set up Azure as IdP on AppsCo, AppsCo should be registered as a new application. Go to App registrations.
7. Use the New registration button to register AppsCo.
8. On the "Register an application" page, enter the information as described below:
- Name: enter the title of the application - AppsCo
- Supported account types: select "Accounts in this organizational directory only"
- Redirect URI - select "Web" from the drop-down and enter the following URI: https://appsco.com/saml/acs
9. Once the application is created you will be sent to the "Overview" page. You will need to fill out the additional settings.
10. Go to the Branding page and enter the following information:
- You can upload the AppsCo logo (optional)
- Under Home page URL enter: https://appsco.com
- Under Terms of Service URL enter: https://appsco.com/public/terms
- Under Privacy Statement URL enter: https://appsco.com/public/privacy
Once you're done, click Save to save your settings.
11. Navigate to the Authentication page. The redirect URI which you registered should already be there. Scroll down to Advanced settings.
Under Logout URL enter: https://appsco.com/logout
12. Scroll down to the Implicit grant section and check "ID tokens".
13. Default client type should be set to No.
14. Supported account types should be set to "Accounts in any organizational directory".
Click Save when you're done.
15. Navigate to API permissions. If there are no delegated permissions added, click the Add a permission button.
16. Choose Microsoft Graph.
17. As the type of permissions choose "Delegated permissions".
18. Scroll down to User, and check User.Read (Sign in and read user profile).
Click the Add Permissions button at the bottom to add the selected permissions.
19. Navigate to Expose an API and click on "Add a scope".
20. Under Application ID URI, enter the URI of your tenant in front of the number code (for example: https://yourcompany.onmicrosoft.com - see the image below). Click Save and Continue.
21. Fill out the form with the information as described below:
- Under Scope name enter: user_impersonation
- For "Who can consent" choose Admins and users
- Under "Admin consent display name" enter: Access AppsCo SAML
- Under "Admin consent description" you can enter the description. For example: Allow the application to access AppsCo SAML on behalf of the signed-in user.
- Under "User consent display name" and "User consent description" you can enter the same information as for admin.
- Under State choose "Enabled".
Click Add Scope to complete the setup.
22. Go back to the Overview page, and navigate to Endpoints.
23. Find the Federation metadata document, copy the URL and open it in a browser. You can save it as an .xml file.
24. Go back to the Overview page and copy the Application ID.
To continue the setup, open AppsCo in another browser, log in to your account and navigate to your Company.
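Before uploading the metadata file saved in step 23, it is worth confirming what it contains, since AppsCo will trust the signing certificate inside it. The following check is an added example, not part of the AppsCo or Microsoft documentation; the function name, the expected public-cloud host names and the sample document (placeholder tenant ID, bytes that are not a real certificate) are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumption: public-cloud Azure AD host names; national clouds use others.
ISSUER_HOST, LOGIN_HOST = "sts.windows.net", "login.microsoftonline.com"
CERT_PATH = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

# Constructed sample: placeholder tenant ID, and bytes that are not a real certificate.
SAMPLE_CERT = b"constructed-sample-cert"
SAMPLE = ("""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>%s</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""" % base64.b64encode(SAMPLE_CERT).decode()).encode()


def _on_host(url, host):
    parts = urlparse(url)
    return parts.scheme == "https" and parts.hostname == host


def summarize_metadata(xml_bytes):
    """Return entityID, SSO URLs, signing-cert SHA-256 fingerprints and problems."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata must not carry a DTD or entity declarations")
    root = ET.fromstring(xml_bytes)
    entity_id = root.get("entityID", "")
    problems = [] if _on_host(entity_id, ISSUER_HOST) else ["unexpected entityID: " + entity_id]
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no IDPSSODescriptor element")
        idp = ET.Element("empty")  # stand-in so the lookups below return nothing
    sso_urls = [e.get("Location", "") for e in idp.findall("md:SingleSignOnService", NS)]
    problems += ["unexpected SSO URL: " + u for u in sso_urls if not _on_host(u, LOGIN_HOST)]
    fingerprints = [hashlib.sha256(base64.b64decode(c.text or "")).hexdigest()
                    for c in idp.findall(CERT_PATH, NS)]
    if not sso_urls or not fingerprints:
        problems.append("missing SSO endpoint or signing certificate")
    return {"entity_id": entity_id, "sso_urls": sso_urls,
            "fingerprints": fingerprints, "problems": problems}
```

To check the real file, pass `open("metadata.xml", "rb").read()` (file name assumed) and confirm that the tenant ID in the entityID is your own and that the problems list is empty before uploading.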
Set up in AppsCo
25. Navigate to your Company > Company Settings and open IdP Settings by clicking on the Manage button.
26. From the list of verified domains choose the domain matching the one added in Azure and click Manage.
If you cannot find the domain you wish to set up, it is because it is not verified on AppsCo. You can go back to Company Settings > Domains and verify the domain.
27. In IdP Settings for the chosen domain, add a title and choose the integration type from the drop-down - Office 365.
A setup form will expand so you can enter the information you copied in Azure.
28. Enter the Application ID which you copied from the application you registered on Azure Active Directory.
29. Upload the metadata .xml file which you created before.
30. Click Save to save the setup.
Your Office 365 as IdP for the selected domain is now configured.
You can always deactivate it by clicking the Deactivate button on IdP Settings in AppsCo. This will also reset all settings.
If you have any questions, please send us an email to firstname.lastname@example.org