Moss

___________________________________________________________

This can be done by an Admin or an IT person in your company. 

To configure SSO for Microsoft Azure, you need to follow these steps to set it up properly.

Click on “Enterprise applications / New application” &gt; “Create your own application”

Select “Integrate any other application you don’t find in the gallery (Non-gallery)”

Click “Create” at the bottom of the page (this may take a while)

1. Login to your Active Directory 
2. Click on “Enterprise applications / New application” &gt; “Create your own application”
    
   
    
3. Enter the name “Moss” for your App 
4. Select “Integrate any other application you don’t find in the gallery (Non-gallery)”
    
   
    
5. Click “Create” at the bottom of the page (this may take a while)

Before you start assigning users make sure that you created an application with Microsoft Azure in the step before. In this step we will specify what users / user groups are allowed to login to the Moss app.

Create the application in the previous step 

Click on “Add user/group” and add single users or groups of users from the list.

1. Create the application in the previous step 
2. Click on “User and Groups”
 
 
 
3. Click on “Add user/group” and add single users or groups of users from the list.

By copying the parameters, Azure can check if the expected service is going to use identity service.

Click on “Single sign-on” and select “SAML”

In a separate tab open Moss &gt; click on “Settings” &gt; “SAML SSO”

Copy values from Moss “SP Entity ID” “SP ACS URL” and “SP Logout URL”

Paste them into the Active Directory settings (Section 1):

1. Click on “Single sign-on” and select “SAML”
 
 
 
2. In a separate tab open Moss &gt; click on “Settings” &gt; “SAML SSO” 
 
3. Copy values from Moss “SP Entity ID” “SP ACS URL” and “SP Logout URL”
 
 
 
4. Paste them into the Active Directory settings (Section 1):
 
 
 
5. The entered values would look like this:
 
 
 
6. Scroll down and enter the Logout URL

Next, you need to ensure that the needed user attributes are exposed to the Moss app.

In order to do that you need to edit section 2 of the SAML configuration in Azure:

The following attributes should be present. The fields should be populated automatically when the admin selects the appropriate parameters.: 

1. In order to do that you need to edit section 2 of the SAML configuration in Azure:
2. The following attributes should be present. The fields should be populated automatically when the admin selects the appropriate parameters.: 

<a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a> - user.mail

- <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a> - user.mail
 - Needed to match user to a Moss account

<a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</a> - user.givenname

<a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</a> - user.surname

<a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone</a> - user.mobilephone

- Needed for 3DS (Optional - Alternatively users will need to fill in their phone number by themselves once they have access to Moss) 

- <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</a> - user.givenname
 
- <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</a> - user.surname
 - Needed for card creation
 
- <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone</a> - user.mobilephone 
 - Needed for 3DS (Optional - Alternatively users will need to fill in their phone number by themselves once they have access to Moss)

3. Finally, the page would look like this:

URLs allow initiation of SSO. The certificate ensures SSO requests can be trusted by the Moss platform as originating from a proper Azure account.

You need to copy these information from the Microsoft Azure Active Directory to the corresponding Moss SSO fields.

1. You need to copy these information from the Microsoft Azure Active Directory to the corresponding Moss SSO fields.

- Login URL 
- Entity ID and certificate

2. Open Moss and go to “Settings” &gt; “SAML SSO” &gt; "Edit configuration"

3. Paste the information into the corresponding fields

4. Click “Save” and finally enable SSO by enabling the toggle button.

How to set up SSO with Microsoft Azure

Germany: +49 30 311 93 730

Netherlands: +31 20 241 4803

UK: +44 20 457 12718

Email: support@getmoss.com

Imprint

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Who can set up SSO with Microsoft Azure

How to set up SSO with Microsoft Azure

Create an Application

Assign Users

Configuring SSO for the Moss application

Exposing user attributes

How to set up SSO on the Moss platform