Azure Single Sign On (Admin Synchronisation - Azure API) connects your Azure Active Directory to your Phriendly Phishing account for company administrators requiring access to the Phriendly Phishing portal. When an administrator is configured in your Azure AD, they will automatically synchronise as a company administrator in your Phriendly Phishing account. When an administrator is removed from your Azure AD, they will be removed from your Phriendly Phishing account.
This help article will take you through setting up Azure Single Sign-On to allow administrators to log into the Phriendly Phishing Portal using their Azure credentials.
- Create a New Enterprise Application in Azure AD
- Assign Groups to Application
- Configure Single Sign-On (SSO)
- Configure Phriendly Phishing Portal
Note: An Azure Active Directory tenant is required. You will also need a security group within Azure AD that contains all admins that you would like to add to the Phriendly Phishing portal.
Note: Phriendly Phishing must make a change before you start this process.
Please email email@example.com to inform us you would like to use Admin Azure AD Synchronisation.
If this is not done, you will receive an error when logging in.
Create a New Enterprise Application in Azure AD
1. Sign in to the Azure Active Directory Portal.
2. Select Enterprise applications.
3. Select New application then Create your own application.
4. Enter a name for your application, choose the option "integrate any other application you don't find in the gallery" and select Create to add the new application. Once added, it should open the application overview.
Assign Groups to Application
1. On the Overview page of the application, select Users and Groups.
2. Select Add user/group.
3. Select User and Groups to search for the group/s you want to assign.
4. Select Assign.
Configure Single Sign-On (SSO)
1. On the Overview page of the application, select Single Sign-on.
2. Select SAML.
3. Select Edit on Basic SAML configuration.
4. Select Add Identifier and Add Reply URL to enter the below information.
Reply URL: https://launch.phriendlyphishing.com/company_admin/saml/acs
5. Select Save.
6. In section 3, select Download Certificate (Base64).
Open the downloaded .cert file with Notepad and copy all the text to the clipboard.
Go to https://www.samltool.com/fingerprint.php and paste the copied text into the X.509 Cert field, then select Algorithm “sha256” and click on “Calculate fingerprint”.
Copy and save the Formatted FingerPrint to use later in the guide.
7. In section 4, copy and save the Login URL and Logout URL to use later in the guide.
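The SHA-256 fingerprint from step 6 can also be calculated locally from the downloaded certificate, which is useful for checking the value later entered in the portal. The following is an added example, not part of the original guide or Phriendly Phishing's own code: the function names and the sample input are constructed for illustration, and upper-case colon-separated hex is assumed as the formatted fingerprint layout.

```python
import base64
import hashlib
import re
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

# Constructed placeholder input: PEM armor around the three bytes b"abc",
# with CRLF line endings. It is not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\r\nYWJj\r\n-----END CERTIFICATE-----\r\n"


def pem_to_der(pem_text: str) -> bytes:
    """Return the DER bytes of the first certificate in a Base64 export."""
    match = PEM_BLOCK.search(pem_text)
    # Accept bare Base64 too, in case the BEGIN/END lines were not copied.
    body = match.group(1) if match else pem_text
    # Remove line breaks and stray whitespace, then decode strictly so that
    # a truncated or corrupted paste raises instead of hashing garbage.
    return base64.b64decode("".join(body.split()), validate=True)


def formatted_fingerprint(pem_text: str) -> str:
    """SHA-256 of the DER bytes as upper-case, colon-separated hex."""
    # The digest covers the decoded DER bytes, never the text of the file.
    digest = hashlib.sha256(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprints_match(left: str, right: str) -> bool:
    """Compare two fingerprints, ignoring case, colons and whitespace."""
    def norm(value: str) -> str:
        return re.sub(r"[:\s]", "", value).lower()
    a, b = norm(left), norm(right)
    return re.fullmatch(r"[0-9a-f]{64}", a) is not None and a == b


if __name__ == "__main__":
    # Usage: python fingerprint.py <certificate file> [fingerprint to check]
    with open(sys.argv[1], encoding="utf-8-sig") as handle:
        computed = formatted_fingerprint(handle.read())
    print(computed)
    if len(sys.argv) > 2:
        print("match" if fingerprints_match(computed, sys.argv[2]) else "MISMATCH")
```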
Configure Phriendly Phishing Portal
1. Log in to your Phriendly Phishing account and select Settings then User Synchronisation.
2. Select Admin SSO Set Up, expand 'Admin Synchronisation' then select Azure API.
Then select Log Into Azure and sign in.
Note: The minimum requirement for this account is to be assigned the Application Administrator role within your Azure environment.
1. Add the group name/s that you previously assigned in the application and select Save. Note: it will need to be an exact match to the group name in your Azure AD.
2. Scroll down and expand SSO Setting to select Azure.
3. Use the details you saved in the Configure Single Sign-On (SSO) section of this guide to fill in the fields.
Sign-in page URL: Login URL from step 7
Logout page URL: Logout URL from step 7
Certificate fingerprint: Formatted Fingerprint from step 6
Then select Save Settings.
4. Select Enabled for SSO Settings.
5. Select Enabled for Admin Synchronisation.
6. Select Trigger Sync.
7. When you refresh the page you will be signed out and can log back in via the Sign in with Azure option.
8. You can select the notifications icon to see the summary of the admin sync.
You have now completed the implementation of Azure Single Sign On (Admin Synchronisation - Azure API)!