In the Admin application for Azure Active Directory, go to Enterprise Applications and select New Application.

Search for TonicDM and add it.


Select Properties, set User assignment required to No, and then click Save at the top of the page.
See the notes at the bottom of the page for a discussion of this setting.


Select Single sign-on.

In the Single Sign-on screen:

Turn on View and edit all other user attributes.

Click on givenname and delete the text in the namespace field, then click OK.

Do the same for surname.

The SAML Tokens Attributes will now look like this:

Now add the following SAML Token Attributes:

Name             Value                 Namespace
displayname      user.displayname      leave blank
jobtitle         user.jobtitle         leave blank
telephonenumber  user.telephonenumber  leave blank
city             user.city             leave blank
streetaddress    user.streetaddress    leave blank

Click OK after adding each attribute.

Note: 

  • If givenname and surname attributes are not set as above, a new user account will not be created in TonicDM. The other attributes are optional for automatic new user creation. The values of these for each user are set in:
        Azure Active Directory > Users and Groups > All Users > username > Profile
  • To have a TonicDM Office Location set for the newly created user, the Azure AD attributes city and streetaddress should be set. TonicDM will match the city attribute to an Office Location in TonicDM, or if no match is found, it will copy these values to create a new one.
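
One way to confirm the attribute setup from a SAML assertion captured during a test sign-in, as an added example (not TonicDM's or Microsoft's code). The sample assertion is constructed, the function name check_attributes is hypothetical, and the long claim URI is Azure AD's default claims namespace, which is what stays on an attribute whose namespace field was not cleared.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = {"givenname", "surname"}  # needed for automatic user creation
OPTIONAL = {"displayname", "jobtitle", "telephonenumber", "city", "streetaddress"}
AZURE_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

def _attr(name, value):
    return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
            '</saml:AttributeValue></saml:Attribute>')

# Constructed sample: surname still carries the namespace, and city,
# jobtitle and telephonenumber are absent from the user's profile.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:AttributeStatement>"
    + _attr("givenname", "Ada")
    + _attr(AZURE_NS + "surname", "Lovelace")
    + _attr("displayname", "Ada Lovelace")
    + _attr("streetaddress", "1 Example Street")
    + "</saml:AttributeStatement></saml:Assertion>"
)

def check_attributes(xml_text):
    """Compare an assertion's attribute names with the ones this guide sets up."""
    root = ET.fromstring(xml_text)
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        texts = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                 if v.text and v.text.strip()]
        values[attr.get("Name", "")] = texts
    present = {name for name, texts in values.items() if texts}
    expected = REQUIRED | OPTIONAL
    return {
        # Short name expected, but the attribute arrived with a namespace prefix.
        "still_namespaced": sorted(n for n in values
                                   if "/" in n and n.rsplit("/", 1)[-1] in expected),
        "missing_required": sorted(REQUIRED - present),
        "missing_optional": sorted(OPTIONAL - present),
        # Both are needed for TonicDM to set an Office Location.
        "office_location_ready": {"city", "streetaddress"} <= present,
        "ok": REQUIRED <= present,
    }

if __name__ == "__main__":
    for key, value in check_attributes(SAMPLE).items():
        print(f"{key}: {value}")
```

The check only inspects attribute names and values; it does not validate the assertion's signature.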

Save your work ("Save" is at the top of the panel).

The next steps involve collecting the information needed by TonicDM and emailing us at support@tonicdm.com.

Send TonicDM the Required Information

Download the Certificate - Base64 file, rename the file to remove the .cer extension (otherwise Outlook will block it), and attach it to the email.


At the bottom of the page click on Configure TonicDM then copy the three bulleted URLs into the email. Be sure to include the full URLs as shown.

To recap: your email should include the following information:

  • SAML Single Sign-On Service URL
  • SAML Sign-Out URL 
  • SAML Entity ID URL
  • The Certificate - Base64 file renamed to remove the extension

Then send the email to support@tonicdm.com.

Next Step: Deploy the Add-in to Outlook for Users

https://help.tonicdm.com/how-to-guides/instructions-for-computer-system-administrators/deploy-the-outlook-add-in-to-all-staff

Notes

Assigning Users to the TonicDM Enterprise Application

We recommend setting User Assignment to No, so that staff do not have to be assigned to the application individually.
If User Assignment is set to Yes in

    Azure Active Directory > Enterprise Applications > All Applications > TonicDM > Properties

then all staff you want to give access need to be specified in:

    Azure Active Directory > Enterprise Applications > All Applications > TonicDM > Users and Groups

Click Add User and you will be able to select from your firm’s users. Remember to click Select and Assign at the bottom of the panels!

Note: if you are not paying for Azure AD P2, you'll need to assign TonicDM access to users' individual accounts. You can only assign by group with P2 (which is why we recommend setting User Assignment to No). If you have P2 and elect to assign by group, note that only top-level groups are supported (not nested groups).
