Managing your accountSso mailosaur microsoft entra

Configure Single Sign On (SSO) with Mailosaur and Microsoft Entra

Prerequisites

Mailosaur's Entra ID integration supports authentication via SAML and SCIM provisioning (depending on plan level).

Before beginning, ensure that you have:

  • A Mailosaur account with SSO enabled. SSO is available on the Enterprise plan, and as an optional bolt-on to the Professional plan.
  • Access with the role of Account Administrator.
  • A Microsoft Entra subscription.

Supported Features

  • SP-initiated SSO
  • JIT (Just-In-Time) provisioning
  • SCIM provisioning (Enterprise plan only)

Configuration Steps

Follow these steps if you wish to integrate Microsoft Entra and Mailosaur using SAML.

1. Configuration within Microsoft Entra

To configure the integration of Mailosaur into Microsoft Entra ID, you need to add Mailosaur from the gallery to your list of managed SaaS apps.

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications > New application.
  3. In the Add from the gallery section, type "Mailosaur" into the search box.
  4. Select Mailosaur from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
  5. When the app is added to your tenant, select Single sign-on from the navigation sidebar.
  6. On the Select a single sign-on method page, select SAML.
  7. In the Basic SAML Configuration section, click Edit to edit the configuration.
    1. In the Identifier (Entity ID) text box, type the URL: https://id.mailosaur.com/saml
    2. In the Reply URL text box, type the URL: https://mailosaur.com/__/auth/handler
    3. In the Sign on URL text box, type a URL using the following pattern: https://mailosaur.com/sso/{company}, where {company} is replaced with a short name for your organisation (e.g. acmecorp). Remember this Sign on URL as you will need it below.
    4. Save your changes to Basic SAML Configuration.
  8. In the SAML Certificates section, locate App Federation Metadata Url and copy the value, you will need this later.

2. Verify your company domain in Mailosaur

So that your users can be automatically redirected to Microsoft Entra if they try to log in via the Mailosaur login page, you need to verify that you own the domain in their email address (for example, if your users used some.person@example.com, you would verify ownership of example.com). To do this:

  1. Log into the Mailosaur Dashboard.
  2. Click Admin (cog icon) in the top-right of the screen, then select Domains.
  3. Click Add Domain and type in the domain that you wish to verify (e.g. example.com)
  4. Leave all other options unchanged, and click Add Domain.
  5. Follow the on-screen instructions to verify that you own this domain (contact our support team if you're unsure how to do this).

3. Setup SSO within Mailosaur

  1. If you are not already logged in, then log into the Mailosaur Dashboard.
  2. Click Admin (cog icon) in the top-right of the screen, then select Single Sign-On.
  3. Select your verified domain from the list of domains (see step above if you haven't verified a domain yet).
  4. From the list of Identity providers, choose Microsoft Azure AD / Entra.
  5. Now fill in the Identity provider (IdP) metadata URL field. The value for this is the App Federation Metadata Url that you copied above and can be found on the Single sign-on tab within the Microsoft Entra admin center.
  6. Paste in this value and click Save.

SSO is now configured on your account. You can optionally choose to enable JIT (Just-In-Time) Provisioning, which will automatically add any new users onto your account when they first log into Mailosaur.

You can also make SSO mandatory (however, you must first log in with Okta before you can do this).

Users can now log in via the URL shown on-screen e.g. https://mailosaur.com/sso/{company}

SCIM

Supported Features

  • Create users
  • Update user attributes
  • Deactivate users
  • Push groups

Configuration Steps

Generate a token for use with SCIM

  1. Log into the Mailosaur Dashboard.
  2. Click Admin (cog icon) in the top-right of the screen, then select API keys.
  3. Click Create Key, name the new key SCIM and click Create Key again.
  4. Find the newly-created key and click Reveal Key, copy the revealed value for use later (below).

Configuring provisioning in Microsoft Entra

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Browse to Identity > Applications > Enterprise applications and locate/click on Mailosaur.
  3. Navigate to Provisioning.
  4. Click Get Started, then select provisioning mode Automatic.
  5. Input the following Admin Credentials:
    1. In the Tenant URL field enter https://mailosaur.com/api/scim/
    2. In the Secret Token field enter the key generated above (see Generate a token for use with SCIM).
    3. Click Test Connection
    4. Once the connection is successfully tested, click Save

Known Issues / Troubleshooting

Please reach our team at support@mailosaur.com if you encounter any issue.

See also