How to set up Office 365 / Azure AD SSO IIS server?


Securly supports single sign-on using Azure AD, in addition to authentication via G Suite and Microsoft AD. This gives schools a wider array of authentication options depending upon the devices and environments they use.

Securly Azure AD Pre-requisites:

  1. Securly account must be set to Azure school type.
  2. Windows Server 2008 or greater available for Securly to install IIS. 
  3. Server 2008 and 2008R2 need to preinstall Microsoft .NET 4.5.  Server 2012,2012r2, 2016, and 2019 have this version built into the OS. Download from Microsoft at .NET Framework 4.5.2 (Offline Installer) 
  4. Azure AD Connect should be set up to upload users from local Active Directory to Azure Active Directory. 
  5. All Windows and Mac computers are joined to the domain. This will prevent pop-ups on the workstations asking for usernames and passwords each time. 

Note: Securly does not recommend installing Securly Azure AD on a server already running an IIS. 

Hardware Requirements:

  Small Medium Large
User Count 0 - 10,000  10,000 - 40,000 40,000 +
CPU 4 6 8
RAM 8 GB 12 GB 16 GB
Hard Drive 40GB 40 GB 40 GB


Install Steps:

  1. Download and unzip the  Securly Azure ADSSO Install
  2. At an elevated/Administrative PowerShell enter: " Set-ExecutionPolicy Unrestricted "
  3. Then run AzureInstall.ps1.
  4. The script will install IIS, copy files, and set permissions.
  5. When the script is done it will open the C:\inetpub\wwwroot\securlysso\ folder. If you are using mail as your primary identifying field. Copy the 2 files from C:\inetpub\wwwroot\securlysso\mail to C:\inetpub\wwwroot\securlysso\ and replace. 
  6. The script will also open the file c:\inetpub\wwwroot\securlysso\ServerInfo.txt. This will also have additional information needed for testing. 
  7. Once deployed verify that the site and file are accessible from clients on your network in the format - Authentication URL: http://<servername>/securlysso/securlysso.aspx

Securly UI Setup:

  1. You will now be able to log into Securly Administrator console at
  2. Anyone that is a Global Administrator in Azure will be able to login to Securly. 
  3. In the Securly Admin User Interface go to Policy Editor - > Global Settings.
  4. The Global Settings will have Intranet Address field that shows an URL that matches the Global Settings Intranet Address from ServerInfo.txt - Format http://<servername>/securlyssoAzure_Intranet_Address.png
  5. Once the Intranet Address is set correctly, it is best to do an OU import.  

OU Import:

  1. Click on Policy map and then click on the cloud to import. This will initiate a call to the IIS server to query the domain and upload users and OUs to Securly.  This must be done from inside of the network to communicate to the Securly IIS server and Domain Controller.
  2. You can now go ahead and assign policies to any new OUs that you may have imported.
Have more questions? Submit a request