Moss

___________________________________________________________

This can be done by an Admin or an IT person in your company. 

To configure SSO for Microsoft Azure, you need to follow these steps to set it up properly.

Click on “Enterprise applications / New application” &gt; “Create your own application”

Select “Integrate any other application you don’t find in the gallery (Non-gallery)”

Click “Create” at the bottom of the page (this may take a while)

1. Login to your Active Directory 
2. Click on “Enterprise applications / New application” &gt; “Create your own application”
    
   
    
3. Enter the name “Moss” for your App 
4. Select “Integrate any other application you don’t find in the gallery (Non-gallery)”
    

5. Click “Create” at the bottom of the page (this may take a while)

Before you start assigning users make sure that you created an application with Microsoft Azure in the step before. In this step we will specify what users / user groups are allowed to login to the Moss app.

Create the application in the previous step 

Click on “Add user/group” and add single users or groups of users from the list.

1. Create the application in the previous step 
2. Click on “User and Groups”
 
 
 
3. Click on “Add user/group” and add single users or groups of users from the list.

By copying some parameters Azure can check if the expected service is going to use identity service.

Select “Single sign-on” and select “SAML”

In a separate tab open Moss &gt; Click “Settings” &gt; “SAML SSO” 

Copy values from Moss “SP Entity ID” “SP ACS URL” and “SP Logout URL”

Paste them into the Active Directory settings (Section 1):

1. Select “Single sign-on” and select “SAML”
 
 
 
2. In a separate tab open Moss &gt; Click “Settings” &gt; “SAML SSO” 
3. Copy values from Moss “SP Entity ID” “SP ACS URL” and “SP Logout URL”
 
 
 
4. Paste them into the Active Directory settings (Section 1):
 
 
 
5. The entered values would look like this:
 
 
 
6. Scroll down and enter the Logout URL

Next, you need to ensure needed user attributes are exposed to the Moss app.

In order to deliver that you need to edit section 2 of the SAML configuration in Azure:

The following attributes should be present. The fields should be populated automatically when the admin selects the appropriate parameters.: 

1. In order to deliver that you need to edit section 2 of the SAML configuration in Azure:
2. The following attributes should be present. The fields should be populated automatically when the admin selects the appropriate parameters.: 

<a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a> - user.mail

- <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a> - user.mail
 - Needed to match user to Moss account

<a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</a> - user.givenname

<a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</a> - user.surname

<a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone</a> - user.mobilephone

- <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</a> - user.givenname
- <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</a> - user.surname
 - Needed for card creation
- <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone</a> - user.mobilephone 
 - (OPTIONAL) for 3DS feature

3. Finally, the page would look like this:

URLs allow initiation of SSO. Certificate ensures SSO requests could be trusted by Moss platform as originating from a proper Azure account.

You need to copy these information from the Microsoft Azure Active Directory to the corresponding Moss SSO fields.

1. You need to copy these information from the Microsoft Azure Active Directory to the corresponding Moss SSO fields.

- Login URL 
- Entity ID and certificate

2. Open Moss and click “Settings” &gt; “SAML SSO”

3. Paste the information into the corresponding fields

4. Click “Save” (bottom of the page) and finally enable SSO by enabling the toggle button.

How to set up SSO with Microsoft Azure

Germany: +49 30 311 93 730

Netherlands: +31 20 241 4803

UK: +44 20 457 12718

Email: support@getmoss.com

Imprint

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Who can set up SSO with Microsoft Azure

How to set up SSO with Microsoft Azure

Create an Application

Assign Users

Configuring SSO for the Moss application

Exposing user attributes

How to set up SSO on the Moss platform