1. Log in to the Azure portal as a Global Administrator or Co-admin.
2. In the portal, on the left navigation panel, select Azure Active Directory.
3. To create or manage the users who will sign in through Azure AD SSO, under the Manage section in the Azure Active Directory navigation panel, select Users > All users:
https://portal.azure.com/#blade/Microsoft_AAD_IAM/UserManagementMenuBlade/Overview/menuId/
4. Create a new enterprise application:
- In the Azure Active Directory navigation panel, select Enterprise applications.
- Click New Application, then Non-gallery application.
- On the Add your own application page, set the name for the new application (“userauth.dotcom-monitor.com”) and click Add.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/Overview/menuId/
5. Edit application metadata to add dotcom-monitor groups:
- In the Azure Active Directory navigation panel, select App registrations.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
- Click the “userauth.dotcom-monitor.com” application, then under the Manage section, select Manifest.
- In the web-based manifest editor, add the following roles under the appRoles node and click Save:

    {
      "allowedMemberTypes": [ "User" ],
      "displayName": "Dotcom-Monitor_Power_Users",
      "id": "b9632174-c057-4f7e-951b-be3adc52baaa",
      "isEnabled": true,
      "description": "Dotcom-Monitor_Power_Users",
      "value": "Dotcom-Monitor_Power_Users"
    },
    {
      "allowedMemberTypes": [ "User" ],
      "displayName": "Dotcom-Monitor_Users",
      "id": "b9632174-c057-4f7e-951b-be3adc52babc",
      "isEnabled": true,
      "description": "Dotcom-Monitor_Users",
      "value": "Dotcom-Monitor_Users"
    },
    {
      "allowedMemberTypes": [ "User" ],
      "displayName": "Dotcom-Monitor_Accounting_Users",
      "id": "b9632174-c057-4f7e-951b-be3adc52bbbb",
      "isEnabled": true,
      "description": "Dotcom-Monitor_Accounting_Users",
      "value": "Dotcom-Monitor_Accounting_Users"
    },
    {
      "allowedMemberTypes": [ "User" ],
      "displayName": "Dotcom-Monitor_ReadOnly_Users",
      "id": "b9632174-c057-4f7e-951b-be3adc52bccc",
      "isEnabled": true,
      "description": "Dotcom-Monitor_ReadOnly_Users",
      "value": "Dotcom-Monitor_ReadOnly_Users"
    },
    {
      "allowedMemberTypes": [ "User" ],
      "displayName": "Dotcom-Monitor_Operators",
      "id": "b9632174-c057-4f7e-951b-be3adc52bddd",
      "isEnabled": true,
      "description": "Dotcom-Monitor_Operator_Users",
      "value": "Dotcom-Monitor_Operator_Users"
    },
5. Edit SSO settings:
- In the Azure Active Directory navigation panel, select Enterprise applications, then click All applications.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/
- Click the “userauth.dotcom-monitor.com” application.
- Under the Manage section, select Single sign-on.
- Select SAML to configure single sign-on. On the Set up Single Sign-On with SAML – Preview page, configure the basic SAML options:
  - Identifier: “https://userauth.dotcom-monitor.com/”
  - Reply URL: “https://userauth.dotcom-monitor.com/Login.ashx”
  - Unique User Identifier: “user.userprincipalname”
- Select the Edit icon (a pencil) in the upper-right corner of the User Attributes and Claims section and add the new attribute:
  - Name: “Roles”
  - Value: “user.assignedroles”
- Select the Edit icon (a pencil) in the upper-right corner of the SAML Signing Certificate section.
- In the SAML Signing Certificate section click Download Metadata XML and save it to the disk. This file must be sent to dotcom-monitor.com support.
- Check Make new certificate active (only after downloading the metadata) and confirm the action.
- Check Show advanced certificate signing settings and set SHA-256 as the signing algorithm.
- Click Save.
6. Assign roles:
- In the Azure Active Directory navigation panel, select Enterprise applications, then click All applications.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/
- Click the “userauth.dotcom-monitor.com” application, then select Users and groups.
- Click Add user, select the user, select a role (one of the dotcom-monitor roles), and click Assign. Repeat for every user who needs access.
7. Send metadata.xml to dotcom-monitor support. Log in to your account and submit a ticket.
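
Once roles are assigned, a decoded SAML response from a test login can be compared with the values entered in the Edit SSO settings and appRoles steps. The script below is an added example, not dotcom-monitor or Microsoft code; the sample response, the user name and the function name `check_response` are constructed for illustration, and it assumes the Roles claim carries the manifest `value` strings.

```python
import xml.etree.ElementTree as ET  # for untrusted XML prefer a hardened parser

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Expected values, taken from the SSO settings and appRoles steps on this page.
IDENTIFIER = "https://userauth.dotcom-monitor.com/"
REPLY_URL = "https://userauth.dotcom-monitor.com/Login.ashx"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
ROLE_VALUES = {"Dotcom-Monitor_Power_Users", "Dotcom-Monitor_Users",
               "Dotcom-Monitor_Accounting_Users", "Dotcom-Monitor_ReadOnly_Users",
               "Dotcom-Monitor_Operator_Users"}

# Constructed sample (not captured traffic): SHA-1 signature method and a role
# string that matches a displayName rather than a manifest "value".
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}"
    Destination="{REPLY_URL}"><a:Assertion>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <a:Subject><a:NameID>alice@example.com</a:NameID></a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{IDENTIFIER}</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="Roles">
    <a:AttributeValue>Dotcom-Monitor_Operators</a:AttributeValue>
  </a:Attribute></a:AttributeStatement>
</a:Assertion></p:Response>"""

def check_response(xml_text):
    """List config mismatches in a decoded SAML response (no signature validation)."""
    root, problems = ET.fromstring(xml_text), []
    if root.get("Destination") != REPLY_URL:
        problems.append("Destination does not match the Reply URL")
    if IDENTIFIER not in [e.text for e in root.iterfind(".//a:Audience", NS)]:
        problems.append("Audience does not contain the Identifier")
    algs = [e.get("Algorithm") for e in root.iterfind(".//ds:SignatureMethod", NS)]
    if not algs:
        problems.append("response carries no signature")
    elif any(a != RSA_SHA256 for a in algs):
        problems.append("signature method is not RSA-SHA256")
    roles = [e.text for e in
             root.iterfind(".//a:Attribute[@Name='Roles']/a:AttributeValue", NS)]
    if not roles:
        problems.append("no Roles attribute in the assertion")
    problems += [f"unknown role value: {r}" for r in roles if r not in ROLE_VALUES]
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE))
```

An empty list means the response matches the Identifier, Reply URL, SHA-256 and Roles settings; the check does not replace signature validation on the service provider side.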