Azure Active Directory (Azure AD) is a cloud-based user authentication service, used by Office 365, to manage identities and authentication. MOQI lets you integrate your portal with Azure Active Directory to synchronize passwords and set up Single Sign-On (using its SAML configuration).
To do this:
Step 1: Enable SAML support in your portal.
1. Sign in to your MOQI account as the main Administrator.
2. Select Home > System settings > Single Sign On > SAML.
3. Check the Enable SAML support option (1).
Step 2: Create the MOQI application in Azure AD.
1. Open the Microsoft Azure portal (https://portal.azure.com/) and select Azure Active Directory (1).
2. In the Manage list, select Enterprise applications (2). On the panel that appears, click New application (3).
3. Select Non-gallery application (1), set a name (2), click Add (3) and wait for it to be created.
Step 3: Allow users to access the MOQI application.
1. You can find the MOQI application in Azure Active Directory > Enterprise applications > MOQI.
2. In the Manage list, select Users and groups (1). On the panel that appears, click Add user (2).
3. Add the users/groups you want, either by picking them from the list or by searching for them, and click Select.
4. When all the users/groups have been selected, click Assign.
Step 4: Add the Azure AD Single sign-on configuration data to MOQI SAML settings.
1. Open the MOQI application. You can find it in Azure Active Directory > Enterprise applications > MOQI.
2. In the Manage list, select Single sign-on (1). On the panel that appears, click SAML (2).
3. Azure AD SAML configuration has 5 different sections, which you will need to edit.
Proceed with editing the first section.
Click on the editing icon (Basic SAML Configuration, top-right corner). You will need to add the respective URL from MOQI SAML settings to Azure AD. To do that, access your MOQI portal as System Administrator and go to Home > System settings > Single Sign-On > SAML. Enter the URLs in Azure AD – Basic SAML Configuration:
Identifier | your MOQI URL address |
Reply URL | Assertion Consumer Service URL |
Logout URL | Single Logout Service URL |
Note: In the following image you will see matching numbers. You will need to transfer the URL from MOQI SAML settings (right) to Azure AD settings (left). Use the numbers to match the respective information.
Note: azure-saml.dev.moqi.pt (1) is used in this guide as an example, in your case it should be your own MOQI URL.
4. When you are done, select Save and proceed with editing the second section in Azure, User Attributes and Claims. This section is about the information Azure will send to MOQI, so you will be doing the reverse process.
The URLs on the left, called claims, need to be copied to the relevant MOQI SAML fields. Copy and paste each Azure value into the corresponding MOQI SAML field. Here is a table for your convenience.
Azure Value | MOQI SAML field |
user.mail | TargetedID, Email |
user.givenname | First name |
user.surname | Last name |
Note: In the following image you will see matching numbers. You will need to transfer the URL from Azure AD settings (left) to MOQI SAML settings (right). Use the numbers to match the respective information.
Note: The claims value can be customized to contain any value. We are using the Azure user’s email for both Email and TargetedID, which means that on MOQI the user’s email will also be his/her username. We recommend this option to reduce compatibility issues.
5. Copy the Thumbprint (1) and paste it into the Certificate Fingerprint field in MOQI SAML settings.
6. Enter the URLs provided in the fourth section into MOQI SAML settings as follows.
Azure | MOQI |
Login URL | Remote Sign-in URL |
Azure AD Identifier | Identity Provider |
Logout URL | Remote Sign-out URL |
Note: In the following image you will see matching numbers. You will need to transfer the URL from Azure AD settings (left) to MOQI SAML settings (right). Use the numbers to match the respective information.
7. After entering the above data in the respective entry fields, click SAVE in the MOQI portal.
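To confirm the values entered in Step 4 line up, the following added example (not part of the original guide or MOQI's code) checks a captured, base64-decoded SAML response against the Identifier, Reply URL, Identity Provider and claim mappings above. The claim URIs are Azure AD's default names (an assumption; use the ones shown in your User Attributes and Claims section), the ACS path and tenant ID are constructed placeholders, and the script compares configuration values only; it does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Azure AD default claim names (assumption) -> MOQI SAML fields from the table above
CLAIM_TO_MOQI = {CLAIMS + "emailaddress": "TargetedID, Email",
                 CLAIMS + "givenname": "First name",
                 CLAIMS + "surname": "Last name"}

# Constructed sample values: the ACS path and tenant ID are placeholders
IDENTIFIER = "https://azure-saml.dev.moqi.pt"
ACS = "https://azure-saml.dev.moqi.pt/ACS-PATH-PLACEHOLDER"
IDP = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"

# Constructed response for illustration; the surname claim is left out on purpose
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS}">
  <Assertion>
    <Issuer>{IDP}</Issuer>
    <Conditions><AudienceRestriction><Audience>{IDENTIFIER}</Audience></AudienceRestriction></Conditions>
    <AttributeStatement>
      <Attribute Name="{CLAIMS}emailaddress"><AttributeValue>ana@example.com</AttributeValue></Attribute>
      <Attribute Name="{CLAIMS}givenname"><AttributeValue>Ana</AttributeValue></Attribute>
    </AttributeStatement>
  </Assertion>
</samlp:Response>"""

def check_response(xml_text, identifier, acs_url, idp_identifier):
    """List mismatches between a decoded SAML response and the configured values.
    Diagnostic only: run it on responses captured from your own test sign-in."""
    root = ET.fromstring(xml_text)
    problems = []
    def expect(label, found, wanted):
        if found != wanted:
            problems.append(f"{label}: expected {wanted!r}, got {found!r}")
    expect("Reply URL (Destination)", root.get("Destination"), acs_url)
    expect("Identity Provider (Issuer)",
           root.findtext("a:Assertion/a:Issuer", namespaces=NS), idp_identifier)
    expect("Identifier (Audience)", root.findtext(".//a:Audience", namespaces=NS), identifier)
    sent = {a.get("Name"): a.findtext("a:AttributeValue", namespaces=NS)
            for a in root.iterfind(".//a:Attribute", NS)}
    for claim, field in CLAIM_TO_MOQI.items():
        if not sent.get(claim):  # absent or empty claim means the MOQI field stays blank
            problems.append(f"missing claim for MOQI field {field!r}: {claim}")
    return problems

if __name__ == "__main__":
    for problem in check_response(SAMPLE, IDENTIFIER, ACS, IDP):
        print("MISMATCH", problem)
```

An empty list means the response agrees with what was entered in Azure AD and MOQI; each reported line names the setting to revisit.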