In the Admin application for Azure Active Directory, go to Enterprise Applications and select New Application.
Search for TonicDM and add it.
Add " App" to the Name to differentiate it from previous TonicDM configurations.
Set User assignment required to No and then Save at the top of the page.
See the notes at the bottom of the page for discussion on this.
Select Single sign-on and choose SAML
Edit "Box 1"
There will be an existing Identifier (Entity ID) which needs to be edited to add app. as a prefix to tonicdm.com
The resulting Identifier (Entity ID) will be:
https://app.tonicdm.com/saml/callback for the Reply URL (Assertion Consumer Service URL)
https://app.tonicdm.com for the Sign on URL
https://app.tonicdm.com/home for the Relay State
Logout URL can be left blank
Edit "Box 2"
Click on user.givenname (not the ... ) and delete the text in the namespace field, then click Save.
Do the same for user.surname.
The SAML Tokens Attributes will now look like this:
Now add the following claims:
Name              Source attribute        Namespace
displayname       user.displayname        leave blank then click Save
jobtitle          user.jobtitle           leave blank then click Save
telephonenumber   user.telephonenumber    leave blank then click Save
city              user.city               leave blank then click Save
streetaddress     user.streetaddress      leave blank then click Save
If givenname and surname attributes are not set as above, a new user account will not be created in TonicDM. The other attributes are optional for automatic new user creation. The values of these for each user are set in:
Azure Active Directory > Users and Groups > All Users > username > Profile
To have a TonicDM Office Location set for the newly created user, the Azure AD attributes city and streetaddress should be set. TonicDM will match the city attribute to an Office Location in TonicDM, or if no match is found, it will copy these values to create a new one.
Save your work. ("Save" is at the top of the panel)
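To check that the Box 2 claims are emitted as described before relying on automatic account creation, the following added example (not TonicDM's or Microsoft's code) audits a decoded SAML assertion for the attribute names listed above. The sample assertion is constructed and the function names are hypothetical; the script inspects attribute names and values only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("givenname", "surname")
OPTIONAL = ("displayname", "jobtitle", "telephonenumber", "city", "streetaddress")

# Constructed sample: surname still carries Azure AD's default claim namespace.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
      <saml:AttributeValue>Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="city"><saml:AttributeValue>Boston</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def audit_claims(assertion_xml):
    """Classify each expected claim as ok, empty, namespaced or missing."""
    root = ET.fromstring(assertion_xml)
    seen = {}  # attribute Name -> True if it has at least one non-blank value
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        seen[attr.get("Name", "")] = any(v.strip() for v in values)
    report = {}
    for claim in REQUIRED + OPTIONAL:
        if claim in seen:
            report[claim] = "ok" if seen[claim] else "empty"
        elif any(name.endswith("/" + claim) for name in seen):
            report[claim] = "namespaced"  # namespace field was not cleared
        else:
            report[claim] = "missing"
    return report

def blocks_account_creation(report):
    """Required claims that are not set as the steps above specify."""
    return [c for c in REQUIRED if report[c] != "ok"]

if __name__ == "__main__":
    result = audit_claims(SAMPLE_ASSERTION)
    for claim, status in result.items():
        print(f"{claim:16} {status}")
    print("blocking:", blocks_account_creation(result))
```
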
The next steps involve collecting the information needed by TonicDM and emailing us at firstname.lastname@example.org.
Send TonicDM the Required Information
Download the Certificate - Base64 file from box 3 and attach it to an email.
At the bottom of box 4 click on View step-by-step instructions then copy the three bulleted URLs in the Quick Reference into the email. Be sure to include the full URLs as shown.
To recap: your email should include the following information:
SAML Single Sign-On Service URL
SAML Sign-Out URL
SAML Entity ID URL
The Certificate - Base64 file renamed to remove the extension
Then send the email to email@example.com.
Next Step: Deploy the Add-in to Outlook for Users
It is not necessary to provision user accounts in TonicDM. When a new user authenticates with Azure AD, TonicDM will create their account on the fly.
Assigning Users to the TonicDM Enterprise Application
We recommend setting User Assignment to No.
If User Assignment is set to Yes in
Azure Active Directory > Enterprise Applications > All Applications > TonicDM > Properties
then all staff you want to give access need to be specified in:
Azure Active Directory > Enterprise Applications > All Applications > TonicDM > Users and Groups
Click Add User and you will be able to select from your firm’s users. Remember to click Select and Assign at the bottom of the panels!
Note: if you are not paying for Azure AD P2 then you'll need to assign TonicDM access to users' individual accounts. You can only assign by group with P2 (which is why we recommend setting User Assignment to No). If you have P2 and elect to assign by group, note that only top-level groups are supported (not nested groups).