Office 365

  1. Create an Office 365 for Business account. To do this:

    a. Go to the Office 365 Select a plan page.
    b. Choose Office 365 Business Premium (can be free trial).
    c. Follow the steps in the setup wizard.

  2. Add your domain. To do this:

    a. Log in to Office 365 and go to the Admin page.
    b. Under Setup > Basic Setup, click on the Start button.
    c. Follow the steps in the setup wizard.

    When complete, ensure that the newly added domain is not set as the default domain, because default domains cannot be used for federated sign on.

  3. Add new users. To do this:

    a. Under Users > Active Users, select the big plus sign to add a new user.
    b. Configure the new user with the newly added domain.

  4. Install the Windows PowerShell module. To do this:

    a. Follow the instructions on Managing Office 365 and Exchange Online with Windows PowerShell.
    b. Install the following:

    • Microsoft Online Service Sign-In Assistant
    • Active Directory Module for Windows PowerShell

  5. Configure M-Pin SSO as an Identity provider for the Office 365 Account. To do this:

    a. Open Windows PowerShell.
    b. Import the MSOnline module with Import-Module MSOnline.
    c. Connect to your main Office 365 profile with Connect-MsolService.
    d. Define the required variables. Use the following settings:

    • $dom – your registered domain name, e.g. yourdomain.com
    • $uri – (found under Global Settings > SAML Metadata in the M-Pin SSO web console)
    • $logouturi – your M-Pin SSO SAML SLO Redirect Endpoint (found under Global Settings > SSO information in the M-Pin SSO web console)
    • $url – your M-Pin SSO SAML SSO Endpoint (found under Global Settings > SSO information in the M-Pin SSO web console)
    • $cert – your M-Pin SSO X.509 certificate (without the comment lines, i.e. without the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines)
      (found under Global Settings > SSO information in the M-Pin SSO web console).

    e. Run the following command:

    Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated -PassiveLogOnUri $url -SigningCertificate $cert -IssuerUri $uri -LogOffUri $logouturi -PreferredAuthenticationProtocol SAMLP

    A full list of MSOnline commands can be retrieved with Get-Command -Module MSOnline.

    If you need to change settings, first switch back to managed mode with Set-MsolDomainAuthentication -DomainName $dom -Authentication Managed.

  6. (Optional) Verify your settings are correct. To do this, run the following command: Get-MsolDomainFederationSettings -DomainName $dom.
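
Steps 5 and 6 as one script, with checks before and after the change. This is an added example, not part of the original guide: it verifies that the certificate parses and has not expired, that both endpoints are HTTPS, and that the domain is not the default one, then reads the federation settings back. The certificate file path and the angle-bracket placeholders are assumptions to be replaced with the values from the M-Pin SSO web console.

```powershell
# Added example. Placeholder values are assumptions; take the real ones from the M-Pin SSO web console.
$dom       = 'yourdomain.com'
$uri       = '<value from Global Settings > SAML Metadata>'
$url       = '<SAML SSO Endpoint>'
$logouturi = '<SAML SLO Redirect Endpoint>'
$pemPath   = '.\mpin-sso.pem'   # hypothetical file holding the exported X.509 certificate

# Drop the BEGIN/END CERTIFICATE lines and all whitespace so only the base64 body remains.
$cert = (Get-Content $pemPath | Where-Object { $_ -notmatch '^-----' }) -join ''
$cert = $cert -replace '\s', ''

# Parse the certificate locally: a truncated paste fails here, before the tenant is touched.
$bytes = [Convert]::FromBase64String($cert)
$x509  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
if ($x509.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($x509.NotAfter)" }
"Signing certificate: $($x509.Subject), thumbprint $($x509.Thumbprint), expires $($x509.NotAfter)"

# The sign-on and sign-out endpoints should both be HTTPS.
foreach ($endpoint in $url, $logouturi) {
    if (([Uri]$endpoint).Scheme -ne 'https') { throw "Endpoint is not HTTPS: $endpoint" }
}

Import-Module MSOnline
Connect-MsolService

# A default domain cannot be used for federated sign on (see step 2).
if ((Get-MsolDomain -DomainName $dom).IsDefault) { throw "$dom is the default domain" }

Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated `
    -PassiveLogOnUri $url -SigningCertificate $cert -IssuerUri $uri -LogOffUri $logouturi `
    -PreferredAuthenticationProtocol SAMLP

# Read the settings back and flag any field that does not match what was supplied.
$fed = Get-MsolDomainFederationSettings -DomainName $dom
$expected = @{ PassiveLogOnUri = $url; LogOffUri = $logouturi; IssuerUri = $uri; SigningCertificate = $cert }
foreach ($name in $expected.Keys) {
    if ($fed.$name -ne $expected[$name]) { Write-Warning "$name differs from the value supplied; review it" }
}
```

Compare the printed thumbprint with the certificate shown in the M-Pin SSO web console before relying on the federation.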

In the M-Pin SSO web console:

  1. Under Integration, click on the + button next to Office 365 profiles.
    The Add Office 365 profile page is displayed.
  2. Complete the required fields and save the profile. Settings:
    • Name: (required) – name of the profile, e.g. Sample Office 365 Profile
    • LDAP Profile: – if you have LDAP profiles configured, they will be available in this drop-down
    • Recipient URL: – IAM end point for the client app (if any)
    • Domain: (required) – Your Office 365 domain. Example: mydomain.com

      After saving, the profile is displayed on the Office 365 profiles page. From this point on, when your users visit the Office 365 service and enter an email address belonging to the profile just set up, Office 365 will detect that single sign-on is enabled and a password will no longer be necessary.