Pre-Requisites for Office365 configuration
  • 30 Jan 2024

Article summary

Ensure all prerequisites for Office365 SAML configuration are in place before starting.

Before starting the configuration, gather the following prerequisites:

  1. Identify the Office365 domain for which SAML SSO is to be enabled
  2. Collect the SAML configuration details from Office 365
  3. Collect the SAML configuration details from Cross Identity
  4. Prepare the PowerShell tool with the required libraries and configuration

Identify Office365 Domain

This section describes the steps to identify the Office 365 domain.

  1. Open PowerShell with administrator rights.
  2. Store the credentials of your Office365 administrator account with the following command:

> $cred = Get-Credential

Note:
In the pop-up, enter the username and password of your Office365 administrator account.

  3. Connect to MsolService with those credentials:

> Connect-MsolService -Credential $cred

  4. List all Office365 domains by running the command:

> Get-MsolDomain

It shows the list of domains available in the subscription, with the "Status" (Verified/Unverified) and "Authentication" (Managed/Federated) of each.

  5. Identify the Office365 domain for which SAML SSO will be enabled. Ensure that the "Authentication" of the selected domain is "Managed"; a domain that already shows "Federated" is federated with another identity provider.

Note:
  • SSO can be enabled only for domains that are verified in Azure AD.
  • SSO cannot be enabled for the "onmicrosoft.com" domain that Microsoft creates with the subscription.
  • SSO cannot be enabled for the default domain (the primary domain in which users are created); it can only be configured for custom domains.

Configuring SAML on a test domain before enabling it on the production domain is recommended. If you do not have a test domain in the existing Office365 subscription, create a new one. Refer to Appendix 1 for detailed steps to create a custom domain in the Office365 subscription.
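Steps 1 to 5 combined into one script, as an added example that is not part of the original article. It applies the conditions from the Note above to the Get-MsolDomain output so that only domains eligible for SAML SSO are listed; the property names (Name, Status, Authentication, IsDefault, IsInitial) are those of the MSOnline domain object, and picking the first eligible domain at the end is a placeholder for your own choice.

```powershell
# Added example, not from the original article: identify the Office365
# domain(s) eligible for SAML SSO in one pass.
Import-Module MSOnline

# Steps 2 and 3: prompt for the Office365 administrator account and connect
$cred = Get-Credential -Message "Office365 administrator account"
Connect-MsolService -Credential $cred

# Step 4: list every domain with the properties that decide eligibility
Get-MsolDomain |
    Select-Object Name, Status, Authentication, IsDefault, IsInitial |
    Format-Table -AutoSize

# Step 5 plus the Note: verified, managed, not the initial *.onmicrosoft.com
# domain and not the default domain
$eligible = Get-MsolDomain | Where-Object {
    $_.Status         -eq 'Verified' -and
    $_.Authentication -eq 'Managed'  -and
    -not $_.IsInitial -and
    -not $_.IsDefault -and
    $_.Name -notlike '*.onmicrosoft.com'
}

if (-not $eligible) {
    Write-Warning 'No domain meets the conditions for SAML SSO. Add and verify a custom test domain first (see Appendix 1).'
} else {
    Write-Host 'Domains eligible for SAML SSO:'
    $eligible | Select-Object Name, Status, Authentication | Format-Table -AutoSize
}

# Re-check the domain you picked before going further. Taking the first
# eligible one is an assumption here; set $domainName explicitly in practice.
$domainName = ($eligible | Select-Object -First 1).Name
if ($domainName) {
    Get-MsolDomain -DomainName $domainName | Select-Object Name, Status, Authentication
}
```

Run the script in the same elevated PowerShell session you will later use for the configuration, so that the connection established by Connect-MsolService is reused.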

Collect SAML Configuration details from Office 365

The following Office365 (service provider) details are needed for the SAML configuration.

  1. O365 ACS URL
     Description: The Assertion Consumer Service (ACS) URL of the Office 365 service provider (SP).
     Value: https://login.microsoftonline.com/login.srf

  2. O365 Entity ID
     Description: The SAML entity ID of Office 365.
     Value: urn:federation:MicrosoftOnline

  3. Subject Identifier
     Description: The subject identifier (NameID) of the SAML token.
     Value: Select the Cross Identity (CI) user attribute in which the user's "GUID" value is stored; this value must match the user's ImmutableId in Office 365. Refer to the Note section in Step 3 below.

  4. O365 Certificate
     Description: The public key certificate (.cer file format) of Office 365, if any.
     Value: Optional. It is required only if Office365 is configured to sign the SAML authentication request. By default it does not sign the request, so this certificate is normally not needed.

  5. O365 Domain Name
     Description: The domain for which SAML SSO is to be enabled.
     Value: Follow the "Identify Office365 Domain" section above to get the domain from Office 365.

Collect SAML Configuration details from Cross Identity

The following Cross Identity (identity provider) details are needed for the SAML configuration. The values shown are examples.

  1. SAML Entity ID
     Description: The entity ID of the Cross Identity IdP.
     Example: https://Crossidentity.ilantus.com/

  2. IdP Login URL
     Description: The IdP login URL of Cross Identity.
     Example: https://Crossidentity.ilantus.com/CIDSaas/default/user/spsso

  3. IdP Logout URL
     Description: The IdP logout URL of Cross Identity.
     Example: https://Crossidentity.com/CIDSaas/default/user/slo

  4. Cross Identity Certificate
     Description: The public key certificate (in .cer file format) of Cross Identity. Download this file from Cross Identity.
     Example: "C:\Downloads\CIIdPCert.cer"
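A check on the downloaded Cross Identity certificate, as an added example that is not part of the original article. It loads the .cer file with the .NET X509Certificate2 class, confirms the certificate is inside its validity window (an expired IdP signing certificate means every SAML assertion fails signature validation at Office 365), prints the thumbprint so the file can be compared with what Cross Identity shows, and writes the DER bytes as a single Base64 string, which is the form the MSOnline federation cmdlets accept for a signing certificate. The file paths are assumptions taken from the example above.

```powershell
# Added example, not from the original article: sanity-check the Cross
# Identity IdP certificate before using it in the federation settings.
$certPath   = 'C:\Downloads\CIIdPCert.cer'       # assumed path from the table
$base64Path = 'C:\Downloads\CIIdPCert.b64'       # assumed output path

# X509Certificate2 accepts both DER and PEM encoded .cer files
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is not valid at $now (valid from $($cert.NotBefore) to $($cert.NotAfter))"
}
if ($cert.HasPrivateKey) {
    # Only the public certificate should ever leave the IdP
    Write-Warning 'This file carries a private key; export and use the public certificate only.'
}

# Summary to compare against the certificate shown in Cross Identity
[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    DaysLeft   = [int]($cert.NotAfter - $now).TotalDays
}

# Federation cmdlets take the certificate as one Base64 string of the DER
# bytes, with no PEM header, footer or line breaks
$der    = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$base64 = [Convert]::ToBase64String($der)
Set-Content -Path $base64Path -Value $base64 -NoNewline
"Base64 certificate written to $base64Path ($($base64.Length) characters)"
```

Keep an eye on the DaysLeft value: the IdP certificate has to be rotated in both Cross Identity and the Office 365 federation settings before it expires.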

Enable PowerShell Tool

The PowerShell tool is used for configuring SAML on Office365. Before starting the configuration steps, make sure the tool has the required libraries and configuration. Microsoft has deprecated the MSOnline module in favour of Microsoft Graph PowerShell, so confirm that the module can still be installed and connected in your environment before relying on these steps.

You need:

  1. Admin access to the Office365 subscription.
  2. Admin access to the Cross Identity solution.
  3. The MSOnline PowerShell module for Azure Active Directory installed on the tool.

Check whether the "MSOnline" module is installed:

> Get-Module -ListAvailable -Name MSOnline*

If the module is not installed, install it using the command below:

> Install-Module -Name MSOnline -RequiredVersion 1.1.183.8

Running the above command might prompt you to install the NuGet provider. Answer Yes to the prompt.

Enable the "Unrestricted" flag:

If PowerShell reports that running scripts is disabled on this system, relax the script execution policy with the command below:

> Set-ExecutionPolicy Unrestricted

"Unrestricted" is broader than this procedure needs: "RemoteSigned" is normally sufficient and is the safer choice, and adding "-Scope Process" limits the change to the current PowerShell session instead of the whole machine.
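The tool checks above as one script, as an added example that is not part of the original article. It relaxes the execution policy only as far as needed (RemoteSigned, for the current process), installs the MSOnline module at the version given above if it is missing, and verifies that the module imports and exposes Connect-MsolService. Installing into the CurrentUser scope is an assumption made so that the install does not require an elevated session; use the default AllUsers scope if your tool is shared.

```powershell
# Added example, not from the original article: prepare the PowerShell tool
# for the MSOnline cmdlets with the smallest changes that work.
$requiredVersion = [version]'1.1.183.8'   # version given in the article

# 1. Script execution policy. RemoteSigned allows local scripts and signed
#    downloaded ones; Process scope disappears when this window closes.
$policy = Get-ExecutionPolicy
if ($policy -in 'Restricted', 'AllSigned') {
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
    "Execution policy for this session: $(Get-ExecutionPolicy -Scope Process)"
} else {
    "Execution policy already permits scripts: $policy"
}

# 2. MSOnline module present at the required version?
$module = Get-Module -ListAvailable -Name MSOnline |
    Where-Object { $_.Version -eq $requiredVersion }

if (-not $module) {
    # -Force skips the untrusted-repository confirmation; the NuGet provider
    # prompt can still appear on a fresh machine.
    Install-Module -Name MSOnline -RequiredVersion $requiredVersion -Scope CurrentUser -Force
    $module = Get-Module -ListAvailable -Name MSOnline |
        Where-Object { $_.Version -eq $requiredVersion }
    if (-not $module) { throw "MSOnline $requiredVersion did not install" }
}
"MSOnline $($module.Version) available at $($module.ModuleBase)"

# 3. The module must load and provide the cmdlets the procedure uses
Import-Module MSOnline -RequiredVersion $requiredVersion
foreach ($cmd in 'Connect-MsolService', 'Get-MsolDomain') {
    if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
        throw "Cmdlet $cmd not found after importing MSOnline"
    }
}
'MSOnline cmdlets are ready; continue with the Identify Office365 Domain steps.'
```

If the machine's execution policy is enforced by Group Policy, the Process-scope change is overridden and you will need the policy adjusted by whoever manages that setting.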

