Skip to main content

Example of enabling Azure SSO for Agari Phishing Defense

  • Updated

Disclaimer: Most of these steps are done inside Azure AD and are subject to change at Microsoft's discretion. The screenshots and links may change as Microsoft updates their systems. Agari and HelpSystems Technical Support may not be able to offer assistance with this process, and may direct you to contact Microsoft Azure Support for further help.

 

Below is an example of how you can configure SSO between Agari and Azure. 

  1. Login to Azure  
  2. Navigate to Enterprise applications - All applications.
  3. Choose + New application .

    mceclip12.png
  4. Choose Non-gallery application.mceclip1.png
  5. Choose a Name for the application.   
    mceclip2.png
  6. OPTIONAL: Choose Properties, upload a logo, and click Save.mceclip3.png
  7. Select Single sign-on and select SAML as the sign-on method.mceclip4.png
  8. Populate the Identifier (Entity ID) as illustrated on step 11 ep.agari.com.
  9. Populate the Reply URL (Assertion Consumer Service URL) as illustrated in step 11.
    https://<domain>.ep.agari.com/auth/saml/callback
  10. Populate the Sign-on URL (Optional) as illustrated on step 11 (This URL contains the sign-in page for this application that will perform the service provider-initiated single sign-on. Leave it blank if you want to perform an identity provider-initiated single sign-on). 
    https://<domain>.ep.agari.com
  11. Then click Save and close the Basic SAML Configuration window.mceclip5.png
  12. Download the Certificate (Base64).mceclip6.pngCopy the Login URL.image2019-5-3_7-50-38.png
  13. Navigate to Users and Groups and select Add user.image2019-5-3_7-50-48.png
  14. Choose your relevant Agari user(s) and then click Select.mceclip7.png
  15. Then choose Assign.mceclip8.png
  16. Login to Agari Phishing Defense.
    https://<domain>.ep.agari.com
  17. Navigate to Manage > Organizations.
  18. Scroll down to the User Account Settings section and choose to Enable next to Single Sign-On.
  19. Paste the Azure Login URL (previously copied from Azure portal).
  20. Open the Certificate (Base64) in notepad and select the contents as-is in their entirety.
  21. Copy and paste the Azure Certificate (Base64) note contents as-is in their entirety.
  22. Then click the Test Settings button.Example_of_enabling_Azure_SSO_for_Agari_Phishing_Defense-1.png
  23. If prompted, select the Azure AD account you wish to test with.
  24. If the test is successful, click Save Settings.
  25. Click OK to confirm the switch over to Single Sign-on.
  26. NOTE: Existing Agari users will be notified they need to reactivate against Azure AD. Sample email below:mceclip10.png
  27. Sample of an APD user selecting Authenticate with Identify Provider via their emailed reactivation link.image2019-5-3_7-54-40.png
  28. Test logging into to Agari Phishing Defense via Azure AD SSO.
  29. Configure at least one user with fail-over or local-only authentication (a common best practice is to use a shared account, such as a help desk or publicly mail-enabled team distribution list. For audit trail purposes, it may be best to only use such an account for disaster recovery purposes).
  30. Navigate to Manage > Users (https://<domain>.ep.agari.com/users).
  31. Select at least one User, select the Secondary Authentication checkbox, select the fail-over option you prefer, enter and document the password, and then click Update.Example_of_enabling_Azure_SSO_for_Agari_Phishing_Defense-2.png

 

BEST PRACTICE RECOMMENDATIONS

  • Retire/remove any APD users that are no longer needed.
  • Prior to the SSO switchover, notify your remaining users to expect the Agari/Azure activation email.
  • After your SSO implementation is validated, establish an Organization Administrator user that utilizes local authentication.
    Example:Example_of_enabling_Azure_SSO_for_Agari_Phishing_Defense-3.png

 

 

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.