https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/saml-toolkit-tutorial
Make sure you have permission like Application Administrator to add or manage applications in Azure AD
Configure SAML with the following information, you may change the server name (www.ryarc.net) correspondingly.
According to the Roles returned from Azure AD, we create different roles with the same name in CMService, and assign them with different permissions. For example, ‘VPN-Users’ from Active Directory will automatically be granted the CMService role ‘VPN-Users’ .
Download and copy Metadata XML from the link in the last screenshot into folder “C:\Program Files (x86)\Ryarc CampaignManager 7\Ryarc CM Service\CMService\App_Data”
Rename the XML as ‘SSO-xxxx.xxx.xml’. ‘xxxx.xxx’ is the corporate email suffix.
Add key value pair under AppSettings in CMService web.config
The key name should be ‘SSO-xxxx.xxx’, ‘xxxx.xxx’ is the corporate email suffix. So it is as same as the filename of the XML The value is the Azure AD identifier as shown in the last screenshot.
Login Realm and configure the domain using the Azure AD with its identifier. It is the value of the key just added in web.config.