Setting Up SSO with Microsoft

This article is for IT professionals who wish to connect TonicDM to their enterprise Microsoft Identity.


This article is intended for IT professionals.

Microsoft Entra, Microsoft Identity, Azure Active Directory and AAD are all names for the same thing. Below we refer to it as Entra.

With Microsoft Identity / Microsoft Entra (formerly known as Azure AD) integration, your staff can use TonicDM without manually setting up an account or remembering another password. Instead, they can log into TonicDM using their corporate username and password. This simplifies user management for your firm and streamlines your staff's experience.

If you have Office 365 then you have Entra! There is no extra charge for this integration, so contact us today to get it turned on for your firm.

How To

In the Admin application for Entra, go to Enterprise Applications and select New Application.

Search for TonicDM and add it.

Select Properties and set User assignment required to No and then Save at the top of the page.
See the notes at the bottom of the page for discussion on this.


Select Single sign-on and choose SAML.

Edit "Box 1"

  • Don't change the existing Identifier (Entity ID) setting: https://app.tonicdm.com/saml/metadata

  • Don't change the existing Reply URL (Assertion Consumer Service URL) setting: https://app.tonicdm.com/saml/callback

  • Enter https://app.tonicdm.com for the Sign on URL

  • Enter https://app.tonicdm.com/home for the Relay State

  • Logout URL can be left blank

If the Identifier (Entity ID) still says Required, refresh your browser page.

The next steps involve collecting the information needed by TonicDM and emailing us at support@tonicdm.com.

Send TonicDM the Required Information

Download the Certificate - Base64 file from box 3 and attach it to an email. 
Copy the App Federation Metadata URL and paste it into the body of that email.
Send the email to support@tonicdm.com.

TonicDM Support will configure our side of the SSO settings and turn on SSO for your organization.

Next Step: Deploy the Add-in to Outlook for Users

Notes

It is not necessary to provision user accounts in TonicDM. When a new user authenticates with Azure AD, TonicDM will create their account on the fly.

Assigning Users to the TonicDM Enterprise Application

We recommend setting User Assignment to No.
If User Assignment is set to Yes in

    Azure Active Directory > Enterprise Applications > All Applications > TonicDM > Properties

then all staff you want to give access need to be specified in:

    Azure Active Directory > Enterprise Applications > All Applications > TonicDM > Users and Groups

Click Add User and you will be able to select from your firm’s users. Remember to click Select and Assign at the bottom of the panels!

Note: if you are not paying for Azure AD P2 then you'll need to assign TonicDM access to users' individual accounts. You can only assign by group with P2 (which is why we recommend setting User Assignment to No). If you have P2 and elect to assign by group, note that only top-level groups are supported (not nested groups).
