Adding Office 365

Note: Once this integration is enabled, all access to Office 365 will require the use of MFA via SSO.

Note: Hybrid Office 365 deployments are not supported. If you are using a hosted Exchange Server with an Office 365 domain, this integration is not compatible.

Note: Office 365 domains configured via ADFS (Active Directory Federation Services) are not compatible.

Note: Using a Server 2012 Essentials server that has been federated with Office 365 is not compatible with this integration.

Note: Trial versions of Office 365 are not compatible with this integration.

Note: Use of a @company.onmicrosoft.com user account to manage the federated domain is required.

Note: Thick clients must support Modern Authentication and have it enabled to allow a federated login.

Setting up Office 365 in your Passly Tenant

  1. Select Directory Manager.
  2. Select Groups.
    Select the Blue plus sign in the bottom right corner.
    Name the Group Office 365 Users.
    Note: If you have other existing Groups for SSO users you can use one of these as well.
    Select ADD GROUP.
  3. Select SSO Manager.
  4. Select the Blue plus sign in the bottom right corner.
  5. Select the Catalog Icon.
  6. Select Office 365.
  7. Set your Microsoft Office 365 Online settings.
    Passly supports federated sign-in and synchronization with Office 365, which is also known as Microsoft Online Services or Microsoft Azure Active Directory.

    Federation is configured with these settings, which you will need to enter:
    Managed Domain: The domain used to identify the tenant.
    Management Username: The *.onmicrosoft.com administrative account username (your @company.onmicrosoft.com username) used to synchronize user details.
    Password: The management account password.

  8. Select Verify Compatibility. A confirmation message is displayed if the domain information is successfully verified.
  9. Set your desired Deep Linking into Office 365 Applications
    Select which applications should show up on the launchpad so users can launch directly into them.
  10. Select Application Configuration.
    Ensure that the Application is enabled.
  11. Select the desired Authentication Policy.
  12. Select Add Application.
  13. Select Office 365.
  14. Configure Synchronization.
    Passly supports synchronizing from the Universal Directory to Office 365.
    Enable Synchronization: Enable or disable synchronizing the Universal Directory with Office 365.
    UserName Mapping: The Passly attribute used in place of the user's User Principal Name.
    Default User License: A license can be applied to users when provisioned if Office 365 has been enabled.
  15. Select Permissions.
  16. Select Add Groups.
    Select the Group you chose in Step 2.
  17. Select Save Changes.

 

Advanced Settings

Prerequisites for Configuring Office 365 Federation


Configuring Office 365 Federation

  1. Open PowerShell and connect to the Office 365 services.
    # Sign in with the @company.onmicrosoft.com management account (replace the placeholder username)
    $creds = Get-Credential -UserName "<admin>@company.onmicrosoft.com" -Message "Configure Office 365 Federation"
    Connect-MsolService -Credential $creds
  2. Execute the following script. This will enable federation with the required Passly settings.
    Note: Replace <My-Tenant> with your actual On-Demand tenant.
    Note: The actual signing certificate will be displayed in the tenant when you add the application.
    # The Office 365 domain being federated (placeholder)
    $domain = "<your-federated-domain>"
    $issuer = "https://<My-Tenant>.my.passly.com/trust"
    $passiveLogon = "https://<My-Tenant>.my.passly.com/trust/launch"
    $activeLogon = "https://<My-Tenant>.my.passly.com/services/trust/2005/mixed"
    $mexUri = "https://<My-Tenant>.my.passly.com/services/trust/mex"
    # Paste the signing certificate displayed in the Passly tenant (placeholder)
    $signingCert = "<signing-certificate-from-Passly-tenant>"

    Set-MsolDomainFederationSettings -DomainName $domain -IssuerUri $issuer -PassiveLogOnUri $passiveLogon -ActiveLogOnUri $activeLogon -MetadataExchangeUri $mexUri -SigningCertificate $signingCert
  3. Verify the configuration was applied. Run this command and check that the output matches the parameters specified above.
    Get-MsolDomainFederationSettings -DomainName $domain
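
The comparison in step 3 can be scripted rather than done by eye, which matters most for the signing certificate, since that value decides whose tokens the domain trusts. The following is an added example, not Passly's own code: Compare-FederationSettings is a hypothetical helper, and the sample object and certificate strings are constructed so the block runs without a live connection.

```powershell
# Added example: report federation settings that differ from the intended values.
function Compare-FederationSettings {
    param(
        [Parameter(Mandatory)] [hashtable] $Expected,
        [Parameter(Mandatory)] [object]    $Actual
    )
    foreach ($name in $Expected.Keys) {
        # Strip whitespace so a line-wrapped base64 certificate still compares equal.
        $want = ([string]$Expected[$name]) -replace '\s', ''
        $have = ([string]$Actual.$name)    -replace '\s', ''
        # -cne is case-sensitive: issuer and endpoint values must match exactly.
        if ($want -cne $have) {
            [pscustomobject]@{ Setting = $name; Expected = $want; Actual = $have }
        }
    }
}

# Intended values, using the same placeholders as step 2.
$expected = @{
    IssuerUri           = 'https://<My-Tenant>.my.passly.com/trust'
    PassiveLogOnUri     = 'https://<My-Tenant>.my.passly.com/trust/launch'
    ActiveLogOnUri      = 'https://<My-Tenant>.my.passly.com/services/trust/2005/mixed'
    MetadataExchangeUri = 'https://<My-Tenant>.my.passly.com/services/trust/mex'
    SigningCertificate  = 'CONSTRUCTED-CERT-AAAA'   # constructed, not a real certificate
}

# Constructed stand-in for the cmdlet output: the certificate is not the expected one.
$sample = [pscustomobject]@{
    IssuerUri           = 'https://<My-Tenant>.my.passly.com/trust'
    PassiveLogOnUri     = 'https://<My-Tenant>.my.passly.com/trust/launch'
    ActiveLogOnUri      = 'https://<My-Tenant>.my.passly.com/services/trust/2005/mixed'
    MetadataExchangeUri = 'https://<My-Tenant>.my.passly.com/services/trust/mex'
    SigningCertificate  = 'CONSTRUCTED-CERT-BBBB'   # constructed mismatch
}

# Live use, after Connect-MsolService in step 1:
#   $actual = Get-MsolDomainFederationSettings -DomainName $domain
#   Compare-FederationSettings -Expected $expected -Actual $actual
$diff = @(Compare-FederationSettings -Expected $expected -Actual $sample)
if ($diff.Count -eq 0) {
    'Federation settings match the intended values.'
} else {
    $diff | Format-List
}
```

An empty result means every checked property matches; any row returned names the setting to correct before users are sent through the federated login.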

 

Username attributes

If you are using a non-email format for your Passly usernames like the following:

  • john.smith
  • jsmith

You might need to add a suffix to the organization to enable MFA authentications from thick clients like Skype for Business / Outlook.

Follow these steps to add a Suffix to the organization to support the use of non-email address usernames.

  1. Select Directory Manager.
  2. Select Organizations.
  3. Select the target organization.
  4. Select Edit
  5. Add the Principal Name Suffix, including the @domain.
    Note: Use the Office 365 domain that you are federating for the Principal Name Suffix including the @ symbol.
  6. Select Save changes.