webnetwork Office 365 SSO integration v10-30-2015




Guide will cover:
How to configure webnetwork SAML application
How to prepare Office 365 for Single Sign-On
How to configure Office 365 Single Sign-On
How to turn off Single Sign-On
How to create links to Office 365

How to configure webnetwork SAML application

Purpose:
Create the Public application in webnetwork that will connect to Office 365 via SAML
Create the certificate to be shared with Office 365

Steps:
1. Right-click on Applications Admin and click Create Public Application
2. Enter Office365 and click Next
3. Verify created successfully and click Close
4. Click Authentication tab and choose Office 365 for type
5. Enter variable for Identity
6. Enter URL for Assertion Consumer
7. Click Wizard for PFX Certificate and choose RSA 2048 then click Generate button
8. Click Overwrite button
9. Click Wizard button for Certificate
10. Input values then click Generate button
11. Verify certificate was generated
12. Select all text and copy to Notepad, then save file as office365-cert.txt
13. Click Overwrite button
14. Click Assertion for SAML Signature Location
15. Add input Audience
16. Click Save button
17. Click Properties tab and add Context Path (Alias)
18. Add all webrelay objects to Assigned Relays
19. Click the Provisioning/Attributes tab and enable Provision
20. Add the remote attribute IDPEmail and local attribute then click OK
21. Add the remote attribute ImmutableID and local attribute then click OK
22. Add the remote attribute UserPrincipalName and local attribute then click OK
23. Click Save button

*** The Provisioning tab changes to Attributes in webnetwork 6.3.1 and higher.
*** This document has been modified to include the commands to allow Outlook and other "fat" clients to authenticate against webnetwork when Office 365 is federated.

1. Right-click on Applications Admin and click Create Public Application
2. Enter Office365 and click Next
3. Verify created successfully and click Close
4. Click Authentication tab and choose Office 365 for type
5. Enter variable for Identity
   @@encodeuuid(attr:sware.guid)@@
   requires webnetwork 6.2.1.191 or newer
6. Enter URL for Assertion Consumer
   https://login.microsoftonline.com/login.srf
7. Click Wizard for PFX Certificate and choose RSA 2048 then click Generate button
8. Click Overwrite button
9. Click Wizard button for Certificate
10. Input values then click Generate button
    IMPORTANT - Make sure to pick SHA-1
    Input your company values and NOT the ones provided below
11. Verify certificate was generated
12. Select all text and copy to Notepad, then save file as office365-cert.txt
13. Click Overwrite button
14. Click Assertion for SAML Signature Location
15. Add Audience
    urn:federation:microsoftonline
16. Change Close Window for the SAML Logout Behavior
17. Click Save button
18. Click Properties tab and add Context Path (Alias)
    /Office365
19. Add all webrelay objects to Assigned Relays
    The example below only shows 1 webrelay, but if you have more webrelays you should add them now
20. Click the Provisioning tab and enable Provision
21. Add the remote attribute IDPEmail and local attribute then click OK
    @@attr:mail@@
    Attribute should be the user's Office 365 email address
22. Add the remote attribute ImmutableID and local attribute then click OK
    @@encodeuuid(attr:sware.guid)@@
    Attribute must be base64 encoded GUID and match ImmutableID in Office 365
23. Add the remote attribute UserPrincipalName and local attribute then click OK
    Use @@attr:mail@@ or @@attr:userprincipalname@@
    Attribute must match Office 365 UserPrincipalName
24. Click Save button

How to prepare Office 365 for Single Sign-On

Purpose:
Download tools necessary to connect to Azure cloud and turn on SSO
Make sure you have two admin accounts in each domain, so you will not get locked out if SSO configuration fails for Office 365

Steps:
1. Download utilities
2. Create Office 365 domain
3. Create back-up administrator account
4. Login with back-up administrator account

1. Download utilities
   Download and install Microsoft Services Sign-In Assistant
   Download and install Azure AD
   Any workstation
2. Create Office 365 domain
   IMPORTANT - must be different from @MYDOMAIN.onmicrosoft.com domain to turn on Single Sign-On
3. Create back-up administrator account
   In the event that you federate your domain unsuccessfully and are disconnected from Powershell session, you'll need an admin in the @MYDOMAIN.onmicrosoft.com domain to turn off federation.
   Office 365 - Create a User
   Office 365 - Assign Admin Role
4. Login with back-up administrator account
   Verify you can login with back-up administrator account on the @MYDOMAIN.onmicrosoft.com domain

How to configure Office 365 Single Sign-On

Purpose:
Need to turn on federation using powershell

Steps:
1. Run Windows Azure Active Directory Module for Windows PowerShell
2. Run Connect-MsolService and login with admin creds
3. Run command to verify ImmutableId is populated
4. Open Notepad and paste in the following script
5. Save file as turn-on.ps1
6. Run command .\turn-on.ps1
7. Test login
8. Login with AD creds
9. Verify login was successful
10. Turn off SSO

1. Run Windows Azure Active Directory Module for Windows PowerShell
2. Run Connect-MsolService and login with admin creds

    Connect-MsolService

3. Run command to verify ImmutableId is populated

    Get-MsolUser -UserPrincipalName user@yourdomain.com | format-table -property ImmutableID

   Value will be base64 encoded and should be the same value as @@attr:objectguid@@
   IMPORTANT - if users do not have ImmutableID defined, they will not be able to login with SSO method
   If ImmutableId value is empty for user, then run command

    Set-MsolUser -UserPrincipalName user@yourdomain.com -ImmutableID USERVALUE

4. Open Notepad and paste in the following script (edit the parts in RED)

    # Domain to federate and the name shown on the Office 365 sign-in page
    $dom = "YOURDOMAIN.com"
    $BrandName = "Stoneware"
    # webnetwork SAML endpoints for browser sign-in, sign-out and issuer
    $url = "https://your-webnetwork-url/swpublicsso/saml/office365"
    $logouturl = "https://your-webnetwork-url/swpublicsso/saml/logout/office365"
    $uri = "https://your-webnetwork-url/swpublicsso/saml/office365"
    # Signing certificate saved from webnetwork as office365-cert.txt
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\Users\Administrator\Desktop\O365\office365-cert.txt")
    $certdata = [system.convert]::tobase64string($cert.rawdata)
    $MetadataExchangeUri = "https://your-webnetwork-url/swpublicsso/samlmetadata/Office365"
    $Protocol = "SAMLP"
    # ECP endpoint used by Outlook and other "fat" clients
    $activeurl = "https://your-webnetwork-url/swpublicsso/saml/ecp/office365"
    Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $BrandName -Authentication Federated -PassiveLogOnUri $url -SigningCertificate $certdata -IssuerUri $uri -LogOffUri $logouturl -MetadataExchangeUri $MetadataExchangeUri -PreferredAuthenticationProtocol $Protocol -ActiveLogOnUri $activeurl

5. Save file as turn-on.ps1
6. Run command .\turn-on.ps1
   If you receive an error about running scripts, you may have to allow scripts to run with powershell
   http://technet.microsoft.com/en-us/library/cc764242.aspx
7. Test login
   https://login.microsoftonline.com/
   After typing in username and hitting tab, it should redirect to your webnetwork login page
8. Login with AD creds
9. Verify login was successful
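An added example, not part of the original guide or of Stoneware's tooling: an offline pre-flight check for step 3 above that compares the ImmutableID recorded in Office 365 with the base64 of each user's directory GUID, so mismatches are found before the domain is federated. It assumes the GUID is encoded in .NET Guid.ToByteArray() byte order; the function names and the three sample records are constructed.

```powershell
# Added example (not from the guide). Sample records are constructed.
# Assumption: the IdP sends base64 of the GUID in Guid.ToByteArray() byte order.

function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$Guid)
    [Convert]::ToBase64String($Guid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Returns $null when the value is not base64 or does not decode to 16 bytes
    try { $bytes = [Convert]::FromBase64String($ImmutableId) } catch { return $null }
    if ($bytes.Length -ne 16) { return $null }
    [guid]::new($bytes)
}

function Test-ImmutableId {
    param([string]$UserPrincipalName, [guid]$DirectoryGuid, [string]$ImmutableId)
    $expected = ConvertTo-ImmutableId $DirectoryGuid
    $status = 'Mismatch'
    if ([string]::IsNullOrEmpty($ImmutableId)) { $status = 'Missing' }
    elseif ($ImmutableId -ceq $expected) { $status = 'Match' }   # base64 is case-sensitive
    elseif ($null -eq (ConvertFrom-ImmutableId $ImmutableId)) { $status = 'NotAGuid' }
    [pscustomobject]@{
        UserPrincipalName = $UserPrincipalName
        Status            = $status
        Expected          = $expected
    }
}

# Constructed records: directory GUID per user, and the ImmutableId column
# as it would be exported from Get-MsolUser.
$records = @(
    @{ UserPrincipalName = 'alice@yourdomain.com'
       DirectoryGuid     = '00112233-4455-6677-8899-aabbccddeeff'
       ImmutableId       = 'MyIRAFVEd2aImaq7zN3u/w==' }
    @{ UserPrincipalName = 'bob@yourdomain.com'      # GUID bytes encoded in printed order
       DirectoryGuid     = 'ffeeddcc-bbaa-9988-7766-554433221100'
       ImmutableId       = '/+7dzLuqmYh3ZlVEMyIRAA==' }
    @{ UserPrincipalName = 'carol@yourdomain.com'    # never populated
       DirectoryGuid     = '0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0'
       ImmutableId       = '' }
)

$report = foreach ($r in $records) { Test-ImmutableId @r }
$report | Format-Table -AutoSize
```

For a user reported as Missing, the Expected column is the value to supply as USERVALUE in the Set-MsolUser command from step 3, under the byte-order assumption stated above.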

How to turn off Single Sign-On

    Set-MsolDomainAuthentication -Authentication Managed -DomainName YOURDOMAIN.com

How to create links to Office 365

Purpose:
If user is already in webnetwork, you want a simple link to Office 365 application

Steps:
1. Go to webadmin tool
2. Expand Link Menu Admin folder
3. Expand desired location
4. Right-click and select Create Link
5. Type in Office365-link then click Next button
6. Verify the link was created successfully then click Close button
7. Enter description
8. Enter URL
9. Click the green + for Assigned To
10. Assign users/groups/ous then click OK button
11. Click Save button
12. Logout
13. Login
14. Click Office 365 tile

1. Go to webadmin tool
2. Expand Link Menu Admin folder
3. Expand desired location
4. Right-click and select Create Link
5. Type in Office365-link then click Next button
6. Verify the link was created successfully then click Close button
7. Enter description
8. Enter URL
   Office 365 Portal
   https://login.microsoftonline.com/posttoidp.srf?msg=authnreq&realm=yourdomain.com&wa=wsignin1.0&wtrealm=urn:federation:microsoftonline
   Outlook
   https://outlook.office365.com/owa/?realm=yourdomain.com&exsvurl=1&ll-cc=1033&modurl=0
9. Click the green + for Assigned To
10. Assign users/groups/ous then click OK button
11. Click Save button
12. Logout
13. Login
14. Click Office 365 tile