
Office 365 SSO Setup as Service Provider

Office 365 (Service Provider) configuration steps

Note: Make sure the onmicrosoft.com domain is also active for your domain and that there is a user with admin privileges.

Authxsecurity.com is a sample domain.

1. Install the Azure Active Directory PowerShell modules (if not already installed).
    1. Open PowerShell from Windows search as administrator.
    2. Install-Module MSOnline (copy and paste into PowerShell, then press Enter)
    3. Type "Y" or "A" (if prompted) to trust the provider (repeat this in the steps below if prompted).
    4. Install-Module AzureAD (copy and paste into PowerShell, then press Enter)
    5. Import-Module AzureAD (copy and paste into PowerShell, then press Enter)
    6. Import-Module MSOnline (copy and paste into PowerShell, then press Enter)

2. Protect the Office 365 application in the AuthX portal with the domain name Authxsecurity.com and save. Edit the Office365 application and download the "Authx Script" file. Note: Make sure the user username@authxsecurity.com is active in the AuthX portal.

3. Run the downloaded "Authx Script" file in PowerShell with admin rights and type "Y" or "A" (if prompted) to trust the provider. If it shows an error such as "connect-msonline is not recognized", go back to step 1.

4. If the file does not execute, open PowerShell from Windows search with admin rights and follow the steps below.

5. Enter the commands below. In the pop-up that appears, enter the username and password of your Office 365 administrator account.

Connect to MsolService using the following command.

(a) Connect-MsolService

(b) Get-MsolDomain

This command shows a list of domains.

6. Copy the text from $dom to $uri from the script file, as shown in the snippet below, and run it in PowerShell.

7. Run the command below to enable SSO in Office 365.

a) Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated -PassiveLogOnUri $url -SigningCertificate $cert -IssuerUri $uri -LogOffUri $logouturl -PreferredAuthenticationProtocol SAMLP

8. To test the configuration, use the following command.

a)    Get-MsolDomainFederationSettings -DomainName "authxsecurity.com" | Format-List *

9. To change the setting back to normal login, use the following commands.

a)    $dom = "authxsecurity.com" (copy from script file)

b)    Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $BrandName -Authentication Managed
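
A read-back check to go with step 8, as an added example that is not part of the Authx Script or the original page: it compares what Get-MsolDomainFederationSettings returns with the values you intended to set and inspects the signing certificate. The function name Test-FederationSettings, the idp.example.test URLs and the sample object are constructed for illustration, and the property names are assumed to match the cmdlet's output.

```powershell
# Added example: audit one domain's federation settings against intended values.
function Test-FederationSettings {
    param(
        [Parameter(Mandatory)] $Actual,   # output of Get-MsolDomainFederationSettings
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    $findings = @()
    foreach ($name in $Expected.Keys) {
        $have = [string]$Actual.$name
        if ($have -ne [string]$Expected[$name]) {
            $findings += "MISMATCH ${name}: expected '$($Expected[$name])', found '$have'"
        }
    }
    foreach ($name in 'PassiveLogOnUri', 'LogOffUri') {
        if ($Actual.$name -and $Actual.$name -notlike 'https://*') {
            $findings += "INSECURE ${name} is not https: $($Actual.$name)"
        }
    }
    if ($Actual.SigningCertificate) {
        try {
            $raw  = [Convert]::FromBase64String($Actual.SigningCertificate)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
            $days = [int](($cert.NotAfter - (Get-Date)).TotalDays)
            if ($days -lt 30) { $findings += "CERT $($cert.Thumbprint) valid for $days more day(s)" }
        } catch {
            $findings += 'CERT SigningCertificate does not parse as an X.509 certificate'
        }
    } else { $findings += 'CERT no SigningCertificate is set' }
    if ($Actual.NextSigningCertificate) {
        $findings += 'REVIEW NextSigningCertificate is set; confirm it is one you added'
    }
    return ,$findings
}

# Constructed sample standing in for: Get-MsolDomainFederationSettings -DomainName $dom
$actual = [pscustomobject]@{
    PassiveLogOnUri = 'http://idp.example.test/sso'    # constructed: wrong scheme
    LogOffUri       = 'https://idp.example.test/logout'
    IssuerUri       = 'https://idp.example.test/issuer'
    PreferredAuthenticationProtocol = 'Samlp'
    SigningCertificate     = 'Q09OU1RSVUNURUQ='        # constructed, not a certificate
    NextSigningCertificate = $null
}
$expected = @{ # the $url, $logouturl and $uri values you passed in step 7
    PassiveLogOnUri = 'https://idp.example.test/sso'
    LogOffUri       = 'https://idp.example.test/logout'
    IssuerUri       = 'https://idp.example.test/issuer'
    PreferredAuthenticationProtocol = 'SAMLP'
}
Test-FederationSettings -Actual $actual -Expected $expected
```

Against a live tenant, replace the sample object with the output of Get-MsolDomainFederationSettings -DomainName $dom after Connect-MsolService; an empty result means the settings match what you intended.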
