How to set up Office 365 / Azure AD SSO IIS server?


Securly supports single sign-on using Azure AD, in addition to authentication via G Suite and Microsoft AD. This gives schools a wider array of authentication options depending upon the devices and environments they use.

Securly Azure AD Prerequisites:

  1. Securly accounts must be set to Azure school type.
  2. Windows Server 2008 or greater is available for Securly to install IIS. 
  3. Server 2008 and 2008 R2 must have Microsoft .NET 4.5 installed beforehand. Server 2012, 2012 R2, 2016, and 2019 have this version built into the OS. Download from Microsoft: .NET Framework 4.5.2 (Offline Installer)
  4. Azure AD Connect should be set up to upload users from local Active Directory to Azure Active Directory. 
  5. All Windows and Mac computers are joined to the domain. This will prevent pop-ups on workstations asking for usernames and passwords each time. 

Note that Securly does not recommend installing Securly Azure AD on a server that is already running IIS.

Hardware Requirements:

              Small        Medium            Large
User Count    0 - 10,000   10,000 - 40,000   40,000 +
CPU           4            6                 8
RAM           8 GB         12 GB             16 GB
Hard Drive    40 GB        40 GB             40 GB

Install Steps:

  1. Download and unzip the Securly Azure ADSSO Install Files_Feb2021.zip 
  2. At an elevated (administrative) PowerShell prompt, enter: "Set-ExecutionPolicy Unrestricted"
  3. Then run AzureInstall.ps1.
  4. The script will install IIS, copy files, and set permissions.
  5. When the script is done, it will open the C:\inetpub\wwwroot\securlysso\ folder. If you are using email as your primary identifying field, copy the 2 files from C:\inetpub\wwwroot\securlysso\mail to C:\inetpub\wwwroot\securlysso\ and replace the existing files.
  6. The script will also open the file C:\inetpub\wwwroot\securlysso\ServerInfo.txt. This file contains additional information needed for testing.
  7. Once deployed, verify that the site and file are accessible from clients on your network in the format - Authentication URL: http://<servername>/securlysso/securlysso.aspx

Securly UI Setup:

  1. You will now be able to log in to the Securly Administrator console at http://www.securly.com.
  2. Anyone who is a Global Administrator in Azure will be able to log in to Securly.
  3. In the Securly Admin User Interface, go to Policy Editor -> Global Settings.
  4. The Global Settings will have an Intranet Address field that shows a URL that matches the Global Settings Intranet Address from ServerInfo.txt - Format http://<servername>/securlysso
  5. Once the Intranet Address is set correctly, it is best to do an OU import.  
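
A client-side check for install step 7 and Securly UI Setup step 4, as an added example that is not part of Securly's install package: it resolves the server name, requests the authentication URL as the logged-on domain user, and compares the Intranet Address you entered with the expected format. The parameter names and the use of Windows integrated authentication are assumptions.

```powershell
# Added example, not Securly's code. Run on a domain-joined client after install step 7.
param(
    [Parameter(Mandatory = $true)][string]$ServerName,  # your IIS server's host name
    [string]$IntranetAddress                            # optional: value entered in Global Settings
)

$authUrl  = "http://$ServerName/securlysso/securlysso.aspx"  # format from install step 7
$expected = "http://$ServerName/securlysso"                  # format from ServerInfo.txt

# 1. The client must be able to resolve the server name.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($ServerName) | ForEach-Object { $_.IPAddressToString }
    Write-Host "[OK]   $ServerName resolves to $($ips -join ', ')"
} catch {
    Write-Host "[FAIL] $ServerName does not resolve from this client"
    exit 1
}

# 2. Request the authentication URL as the logged-on user, without following redirects.
$status = 0
try {
    $req = [System.Net.WebRequest]::Create($authUrl)
    $req.UseDefaultCredentials = $true   # assumption: the site uses Windows integrated auth
    $req.AllowAutoRedirect     = $false
    $req.Timeout               = 10000   # milliseconds
    $resp   = $req.GetResponse()
    $status = [int]$resp.StatusCode
    $resp.Close()
} catch {
    # 4xx/5xx responses arrive as a WebException, possibly wrapped by PowerShell.
    $web = $_.Exception
    while ($web -and $web -isnot [System.Net.WebException]) { $web = $web.InnerException }
    if ($web -and $web.Response) { $status = [int]$web.Response.StatusCode }
}
switch ($status) {
    0   { Write-Host "[FAIL] No HTTP response from $authUrl (firewall, IIS stopped, wrong name)" }
    401 { Write-Host "[WARN] 401, site is up but this session's credentials were not accepted" }
    404 { Write-Host "[FAIL] 404, securlysso.aspx was not found under /securlysso" }
    { $_ -ge 200 -and $_ -lt 400 } { Write-Host "[OK]   $authUrl answered with HTTP $status" }
    default { Write-Host "[WARN] Unexpected HTTP $status from $authUrl" }
}

# 3. Optional: compare the Global Settings value with the expected format.
if ($IntranetAddress) {
    if ($IntranetAddress.TrimEnd('/') -ieq $expected) { Write-Host "[OK]   Intranet Address matches $expected" }
    else { Write-Host "[FAIL] Intranet Address '$IntranetAddress' differs from $expected" }
}
```

A 401 from a domain-joined workstation usually corresponds to the credential pop-ups that prerequisite 5 is meant to prevent.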

OU Import:

  1. Click on the Policy map and then click on the cloud to import. This will initiate a call to the IIS server to query the domain and upload users and OUs to Securly. This must be done from inside the network in order to communicate with the Securly IIS server and Domain Controller.
  2. You can now go ahead and assign policies to any new OUs that you may have imported.
