Connecting Office 365
Introduction
You can use an Identity Provider defined into Soffid to connect to Office 365. You only need to register the Office 365 metadata into a Soffid Service Provider and register the Identity Provider Metadata into your Office 365.
At this tutorial Soffid explain how to connect to Office 365 using PowerShell.
Step By Step
If necessary you can install the Azure AD module for Windows PowerShell
Install-Module MSOnlineThen you can connect to the service
Connect-MsolServiceWhen you executed the connect method, a new window will be open to login Microsoft in as administrator domain user.
Once you have logged in, youcould execute some commands to configure the connection to Office 365:
- Register-PSRepository -Default: registers a PowerShell repository
- Get-MsolDomain: displays the registered domains in Azure Active Directory.
- GetMsolDomainFederationSettings: get the settings for a federated domain
- Set-Msoldomain -Name <YOUR_DOMAIN> -isdefault: set as default one domain
- Set-MsolDomainAuthentication -DomainName <YOUR_DOMAIN> -Authentication federated: set as federated a specific domain.
In order to connect Office 365, one can use the following script:
$dom = "<Your demain>"
$BrandName = "<Your company>"
$LogOnUrl = "https://<Your Soffid IdP>/profile/SAML2/POST/SSO"
$LogOffUrl = "https://<Your Soffid IdP>/profile/SAML2/POST/SLO"
$ecpUrl = "https://<Your Soffid IdP>/SAML2/POST/PAOS"
$MyURI = "<Your Soffid IdP>"
$MySigningCert = "<Your certificate in Base64>";
# "MIIGaDCCBVCgAwIBAgIQAWdkq9pxzP/bK+Mlym5y5zANBgkqhkiG9w0BAQsFADBeMQswCQY....
$Protocol = "SAMLP"
# To enable
Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $BrandName -Authentication Federated -PassiveLogOnUri $LogOnUrl -SigningCertificate $MySigningCert -IssuerUri $MyURI -LogOffUri $LogOffUrl -PreferredAuthenticationProtocol $Protocol
# To disable
# Set-MsolDomainAuthentication -DomainName $dom -Authentication Managedhttps://docs.microsoft.com/en-us/powershell/module/cimcmdlets/?view=powershell-7.2