This article is intended for the Administrator & Partner User Roles. What is a User Role?
Overview
Single Sign-On (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. SSO is common in enterprises, where a client accesses multiple distributed resources with a single login. A few protocols are available to implement SSO; the most common are SAML (Security Assertion Markup Language) and OAuth.
In almost all SSO protocols there are two important entities: the identity provider and the service provider.
Figure: The basic roles that the service provider and the identity provider play in Single Sign-On.
Veroxos uses SAML to implement SSO, as it is the most secure and widely used protocol.
Identity Provider
An identity provider performs the authentication to identify who the end user is and sends that data to the service provider. Some popular examples of identity providers are Active Directory, OneLogin and Okta. Identity providers can also provide advanced user authentication such as two-factor login and network-based validation.
Service Provider
A service provider needs the authentication from the identity provider to grant authorization to the user. In our case, Veroxos is the service provider.
Security Assertion Markup Language (SAML)
Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions.
Microsoft 365 SSO Setup Guide
Requirements
To set up SSO with M365, a few requirements need to be met:
- The user logged in to set up SSO needs to be a Global Admin.
- The user logged in to set up SSO needs to have either a P2 or an Enterprise Mobility + Security E5 license assigned. (A trial license can also be used just for the setup.)
To get the trial license, please follow the steps below.
Click on “Get a free premium trial to use this feature”, then click the free trial button below any of the licenses.
Setup
Please log in to the Microsoft Office portal via https://www.office.com/?auth=2, go to the admin portal, then click on the sidebar and select Azure Active Directory.
In Azure Active Directory, please select “Enterprise applications” and then “New application”.
Then select “Non-Gallery application” and enter the application name in the popup sidebar. Veroxos recommends using “Veroxos” as the application name. Click the Add button below. Please note that it may take a few moments to create the new application.
Once the application is created, you will be presented with the following screen. Please select “2. Set-up single sign-on”.
In this screen please select “SAML” as the method for SSO.
You will be presented with the following screen. Please scroll down to section 4 and copy the “Azure AD Identifier”. You have to email us that link to configure SSO.
Now by scrolling up, you will see the option to “upload the metadata file”. Please click on this button.
Please select the provided XML file and click the “Add” button.
You will see a popup on the side to confirm the imported settings. Please click on the “Save” button above.
Now MS365 will ask you to test the settings. Please click on “No, I’ll test it later”.
Now please click on the “Users and groups” option on the sidebar and then click on the “Add user” button.
Please add all of the users or groups that require access to the Veroxos application.
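Before uploading the provided XML file in the metadata step above, an administrator can check what Azure AD will import from it. The following is an added example, not Veroxos's own tooling: it reads a constructed service provider metadata document (the `sp.example.com` entity ID and endpoint are placeholders, not Veroxos's real values) and reports the entity ID, the Assertion Consumer Service endpoints, and any settings worth questioning.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata; entityID and ACS URL are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def inspect_sp_metadata(xml_text):
    """Return the values an IdP imports from SP metadata, plus warnings."""
    # For files from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    tag = "{%s}EntityDescriptor" % NS["md"]
    entity = root if root.tag == tag else root.find("md:EntityDescriptor", NS)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    sp = entity.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata does not describe a service provider")
    acs = [(e.get("Binding", ""), e.get("Location", ""))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    warnings = []
    if not acs:
        warnings.append("no AssertionConsumerService endpoint")
    for _binding, location in acs:
        # Assertions are posted to this URL, so it must be TLS-protected.
        if not location.lower().startswith("https://"):
            warnings.append("ACS endpoint is not HTTPS: " + location)
    if sp.get("WantAssertionsSigned", "false").lower() not in ("true", "1"):
        warnings.append("WantAssertionsSigned is not set to true")
    return {
        "entity_id": entity.get("entityID"),  # Identifier (Entity ID) in Azure AD
        "acs": acs,                           # Reply URL (ACS URL) in Azure AD
        "warnings": warnings,
    }


if __name__ == "__main__":
    print(inspect_sp_metadata(SAMPLE_METADATA))
```

After the import, the values shown in the Azure AD confirmation popup should match the `entity_id` and `acs` values reported here.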