Configure CI as IdP on Office365
  • 22 Jul 2024


This section describes the steps to enable federated authentication (SAML) for an Office 365 domain.

  1. In the PowerShell command window above, set the following values:
    Note:
    Refer to the prerequisite section for more details.

     a. Set IdP related values:

     $LogOnUrl = "<CI IdP Login URL value>"

Example, $LogOnUrl = "https://Crossidentity.com/CIDSaas/default/user/spsso"

$uri = "<CI IdP Entity ID>"

Example, $uri = "https://Crossidentity.com"

$LogOffUrl = "<CI IdP Logout URL value>"

Example, $LogOffUrl = "https://Crossidentity.com/CIDSaas/default/user/slo"

    b. Set IdP Certificate:

$certFile = "C:\Downloads\CIIdPCert.cer"

$cert = [IO.File]::ReadAllText($certFile)

$cert = $cert.replace("-----BEGIN CERTIFICATE-----","")

$cert = $cert.replace("-----END CERTIFICATE-----","")

$cert = $cert.replace("`r","")

$cert = $cert.replace("`n","")

Note:
You can set this value in another way as well:

Open the certificate file, remove all newline characters, copy the text between the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” lines, and assign it to the $cert variable as follows:

$cert = "MIICqjCCAhOgAwIBAgIJAN..........dTOjFfqqA="

Another option is:

$certObj = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\Downloads\CIIdPCert.cer")

# Store the Base64 value in $cert, the variable passed to -SigningCertificate in step 2
$cert = [System.Convert]::ToBase64String($certObj.RawData)

    c. Set Office365 Domain value:

$dom = "mycompany.com"

Note:
This is the same domain name identified in “Identity Office365 Domain” in Step-1 – “Ensure All Prerequisites for Office365 SAML configuration.”

 2. Run the below command to enable SSO in Office 365:

>Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated -PassiveLogOnUri $LogOnUrl -SigningCertificate $cert -IssuerUri $uri -LogOffUri $LogOffUrl -PreferredAuthenticationProtocol SAMLP

Note:
Running the above command may present an error, but it can be ignored, and you can proceed with the following command to verify the configuration.

3. To test the configuration, use the following command:

>Get-MSolDomainFederationSettings -DomainName $dom | Format-List *
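
One way to check the inputs from step 1 and to confirm what step 2 actually stored, which matters because the command in step 2 may report an error. This is an added example, not part of the original article or Cross Identity's own tooling; `Get-CISigningCert` and `Compare-CIFederation` are hypothetical helper names. It assumes the step 1 variables are set, the MSOnline session is connected, and the service returns the certificate as the same Base64 string that was submitted.

```powershell
# Added example. Get-CISigningCert and Compare-CIFederation are hypothetical helper names.
function Get-CISigningCert {
    param([Parameter(Mandatory)][string]$Path)
    # Parsing as X.509 makes a truncated or wrong file fail here instead of at sign-in.
    $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    $now  = Get-Date
    if ($now -lt $x509.NotBefore -or $now -gt $x509.NotAfter) {
        throw "Certificate $($x509.Thumbprint) is not valid now (valid $($x509.NotBefore) to $($x509.NotAfter))."
    }
    [pscustomobject]@{
        Subject    = $x509.Subject
        Thumbprint = $x509.Thumbprint
        NotAfter   = $x509.NotAfter
        Base64     = [System.Convert]::ToBase64String($x509.RawData)
    }
}

function Compare-CIFederation {
    param(
        [Parameter(Mandatory)]$Actual,                  # object from Get-MsolDomainFederationSettings
        [Parameter(Mandatory)][hashtable]$Expected      # property name -> intended value
    )
    foreach ($name in $Expected.Keys) {
        # -ceq: Base64 is case-sensitive, so compare without case folding.
        [pscustomobject]@{
            Setting = $name
            Match   = ([string]$Actual.$name -ceq [string]$Expected[$name])
        }
    }
}

# Before step 2: the sign-in and sign-out endpoints must be HTTPS.
foreach ($u in $LogOnUrl, $LogOffUrl) {
    if (([System.Uri]$u).Scheme -ne 'https') { throw "Not an HTTPS URL: $u" }
}
$info = Get-CISigningCert -Path $certFile
$info | Format-List Subject, Thumbprint, NotAfter   # check the thumbprint against the IdP's own record
$cert = $info.Base64

# After step 2: confirm the stored settings match what was intended.
$expected = @{
    IssuerUri          = $uri
    PassiveLogOnUri    = $LogOnUrl
    LogOffUri          = $LogOffUrl
    SigningCertificate = $cert
}
$actual = Get-MsolDomainFederationSettings -DomainName $dom
Compare-CIFederation -Actual $actual -Expected $expected | Format-Table -AutoSize
```

Any row with `Match` set to `False` means the domain is not federated with the values set in step 1 and should be investigated before users are directed to sign in.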

Note:

Reconfigure or update SSO settings: If you are already using SSO for Office 365 with another identity provider, or want to update the Cross Identity SAML SSO settings, you must first disable SSO in Office 365 and then follow the steps in this guide. To disable SSO in Office 365, use the command given below:

> $dom = "mycompany.com"

>Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Managed

Once completed, follow the above steps (#1, #2 and #3) to configure Cross Identity IdP.


