SAML Configuration for Office 365

Overview

AuthX integrates with Security Assertion Markup Language (SAML) to add two-factor authentication to Office 365. This SAML integration also works for other web services.

System Requirements

AuthX Authentication supports the following server operating systems.

Server

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

AuthX Factor Support

AuthX for SAML supports these factor types for 2FA:

  • Push

  • TOTP

  • Face

  • PIN

  • Phone SMS

  • Phone Call

  • Email

  • Fingerprint

  • RFID

  • Hardware Token

Configuration Steps on AuthX

Pre-Requisite

  1. Make sure you have an AuthX account. You can sign up at https://admin.authx.com/signup

  2. Make sure you have an Office 365 account. You can sign up at https://www.office.com/

    1. The email ID used during account creation must belong to an active user (same email ID) in both the AuthX portal and Office 365.

AuthX Admin portal – Office 365 application creation steps

  1. Log in to the AuthX Admin portal.

  2. Navigate to the Applications tab.

  3. Click Protect Application and select Protect for Office 365.

  4. Provide the Application Name, Access Management Options, Domain Name, Cookies Expiry and Attribute.

    1. Application Name – Random characters are allowed

    2. Access Management Options

      1. SSO with AuthX Identity

        1. Log in with the AuthX registered email address and password, followed by an authentication factor enrolled for the user

      2. SSO with 3rd party Identity Provider (Under Construction)

        1. Log in using the configured 3rd party SAML identity provider

      3. SSO with MFA for 3rd Party Identity Provider (Under Construction)

        1. Log in using the configured 3rd party SAML identity provider, followed by an authentication factor enrolled for the user in AuthX

      4. Passwordless SSO with AuthX Identity

        1. Use any of the authentication factors enrolled in AuthX to access the application

    3. Cookies Expiry

      1. Select one of the options listed here

        1. One time

          1. The user must provide the username and password on every login

        2. 8 hours

          1. The user must provide the username and password every 8 hours

        3. One day

          1. The user must provide the username and password every 24 hours

        4. Max (7 days)

          1. The user must provide the username and password once every 7 days

  6. Save the application.

  7. Select the Office 365 application again and edit it.

  8. Download the script from the application.

Office 365 Configuration (How to Run the Script)

  1. Pre-requisite – Make sure you have an active AuthX domain user in the AuthX company.

  2. Open Microsoft PowerShell and run it in Administrator mode.

  3. Go to the Downloads folder and open the downloaded script in Notepad.

  4. Copy the first line from the script opened in Notepad, paste it into PowerShell and press Enter.

  5. A pop-up window appears. Provide the Office 365 admin credentials there.

  6. Copy the remaining script, up to the last-but-one line, from Notepad, paste it into PowerShell and press Enter.

  7. Finally, copy the last line from Notepad, paste it into PowerShell and press Enter.
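
A check that can be run after step 7 to confirm what the domain now trusts for sign-in, as an added example that is not part of the AuthX script or documentation. It assumes the legacy MSOnline module is installed and the session is already connected with Connect-MsolService; the function name Test-O365Federation and the domain contoso.example are placeholders.

```powershell
# Added example (not AuthX's script): report the federation settings of an
# Office 365 domain so the IdP endpoints and signing certificate can be
# compared with the values shown for the application in the AuthX portal.
# Assumptions: MSOnline module installed, Connect-MsolService already run.
function Test-O365Federation {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [int]$WarnDays = 30   # warn when the signing certificate is close to expiry
    )

    $domain = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
    if ($domain.Authentication -ne 'Federated') {
        Write-Warning "$DomainName is '$($domain.Authentication)', not Federated; SAML sign-in is not active."
        return
    }

    $fed = Get-MsolDomainFederationSettings -DomainName $DomainName -ErrorAction Stop

    # Users are redirected to these URLs, so they must be HTTPS.
    foreach ($prop in 'PassiveLogOnUri', 'LogOffUri') {
        $value = $fed.$prop
        if ($value -and -not $value.StartsWith('https://', [StringComparison]::OrdinalIgnoreCase)) {
            Write-Warning "$prop is not HTTPS: $value"
        }
    }

    # SigningCertificate is stored as base64-encoded DER; decode it to read its details.
    $raw  = [Convert]::FromBase64String($fed.SigningCertificate)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -lt $WarnDays) {
        Write-Warning "Signing certificate expires in $daysLeft day(s) ($($cert.NotAfter))."
    }

    [pscustomobject]@{
        Domain          = $DomainName
        IssuerUri       = $fed.IssuerUri
        PassiveLogOnUri = $fed.PassiveLogOnUri
        LogOffUri       = $fed.LogOffUri
        CertSubject     = $cert.Subject
        CertThumbprint  = $cert.Thumbprint
        CertNotAfter    = $cert.NotAfter
        CertDaysLeft    = $daysLeft
    }
}

Test-O365Federation -DomainName 'contoso.example'   # placeholder domain
```

Any endpoint or certificate thumbprint in the output that does not match the AuthX application is worth investigating, since whoever holds the trusted signing key can issue sign-in assertions for every user in the domain.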

SAML as SP – Office365 (SSO with AuthX Identity)

  1. Go to https://www.office.com/ and provide the user credentials

  2. A new tab opens with the SAML login

  3. Log in with the user portal credentials here

  4. Use any of the auth factors to log in successfully

  5. The user is redirected to the Office 365 dashboard

SAML as SP and Office 365 (Passwordless SSO with AuthX Identity)

  1. Go to https://www.office.com/ and provide the user credentials

  2. A new tab opens with the SAML login. Provide the registered user email ID.

  3. Use any of the auth factors to log in successfully

  4. The user is redirected to the Office 365 dashboard
