Configuring permissions in your SafeTitan portal is the last step in setting up access to Azure AD, SSO and DMI. You'll need to do this for each of the three applications — AD, SSO and DMI — as described below.
Azure Active Directory (AD) Sync
In your SafeTitan portal, select User Manager > AD Sync Configuration.
On the next screen, select the Azure AD Sync tab.
To enable Azure AD synchronization with the portal, select the Enable Azure AD Sync checkbox.
Enter the Application ID and Secret that you noted in the previous steps, along with the Tenant ID.
Map each user field to its Active Directory attribute.
Select Save.
To start synchronization, select Trigger Sync Now.
Single Sign On (SSO)
In your SafeTitan portal, select Configuration > Authentication Settings.
From the Authentication Type dropdown menu, select OpenIdConnect.
For each of the fields, enter the following details:
Post logout redirect URL: https://[your_domain_name].safetitan.com/auth/osignedin, replacing [your_domain_name] with your company's domain.
Redirect URL: https://[your_domain_name].safetitan.com/auth/osignedin, replacing [your_domain_name] with your company's domain.
Authority: This field must be entered in one of the following two ways:
https://login.microsoftonline.com/[Your_Tenant_ID]
https://login.microsoftonline.com/common
Note: The word common in the URL denotes Microsoft’s common gateway, meaning the indirect path to login.
Client ID: This is the Application ID you were given in Step 6 when you registered an application in the Microsoft Azure App Registration Portal.
Client Secret: This is the password/secret value generated when you created an Application Secret.
Domain Hint: your-domain.com
Username Claim: If left blank, this defaults to preferred username. Note that it can be updated to a claim of your choosing; for example, a UPN (user principal name) claim could be: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn.
Select Save.
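As an added example (not SafeTitan's or Microsoft's code), the Python check below validates the SSO field values listed above before they are entered in the portal; the dictionary keys and the sample values are assumptions made for this example. It flags unreplaced placeholders, redirect URLs that are not on a safetitan.com portal host, and a client secret that looks like Azure's GUID-format Secret ID rather than the Secret Value.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
PORTAL_HOST = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?\.safetitan\.com", re.I)
CALLBACK_PATH = "/auth/osignedin"  # path given on this page for both URLs


def check_sso_settings(cfg):
    """Return (level, field, message) findings; dict keys are names assumed here."""
    findings = []
    # Template placeholders such as [your_domain_name] must be filled in first.
    for field, value in cfg.items():
        if "[" in value or "]" in value:
            findings.append(("error", field, "placeholder not replaced"))
    if findings:
        return findings
    for field in ("redirect_url", "post_logout_redirect_url"):
        url = urlsplit(cfg.get(field, ""))
        if url.scheme != "https" or not PORTAL_HOST.fullmatch(url.hostname or ""):
            findings.append(("error", field, "must be https://<domain>.safetitan.com"))
        elif url.path != CALLBACK_PATH or url.query or url.fragment:
            findings.append(("error", field, "path must be exactly " + CALLBACK_PATH))
    authority = urlsplit(cfg.get("authority", ""))
    tenant = authority.path.strip("/")
    if authority.scheme != "https" or authority.hostname != "login.microsoftonline.com":
        findings.append(("error", "authority", "must be on login.microsoftonline.com"))
    elif tenant == "common":
        findings.append(("note", "authority", "/common is not scoped to one tenant ID"))
    elif not GUID.fullmatch(tenant):
        findings.append(("error", "authority", "expected a tenant ID (GUID) or common"))
    if not GUID.fullmatch(cfg.get("client_id", "")):
        findings.append(("error", "client_id", "Application ID should be a GUID"))
    secret = cfg.get("client_secret", "")
    if not secret:
        findings.append(("error", "client_secret", "secret value is empty"))
    elif GUID.fullmatch(secret):
        # Azure lists a GUID "Secret ID" beside the secret "Value"; only the Value works.
        findings.append(("error", "client_secret", "looks like the Secret ID, not the Value"))
    return findings


# Constructed sample values (not real identifiers).
SAMPLE = {
    "redirect_url": "https://acme.safetitan.com/auth/osignedin",
    "post_logout_redirect_url": "https://acme.safetitan.com/auth/osignedin",
    "authority": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "constructed-secret-value",
}
```

An empty list from check_sso_settings(SAMPLE) means every field has the expected shape; it does not confirm that the tenant, application or secret exist in Azure.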
Direct Mail Injection
In your SafeTitan portal, select Configuration > Phishing Email Settings.
On the next screen, select the Microsoft Graph API Delivery tab.
Enter the Tenant ID, and select Save.
Select the Microsoft Graph API Phishing Email Delivery checkbox so that it is checked (on).
Select Manual Azure Graph API Application.
Populate the Application (client) ID field and the Client Secret field. (Note that in Azure they are referred to as Client ID and Secret Value.)
Select Save Graph API Settings.