SAML based Single Sign-on integration for:

WiActs Inc. 2015. All rights are reserved. Use of this document is subject to the terms and conditions of WiActs products.
1. On the WiActs Admin Dashboard, from the left-hand menu, click on Apps.
2. Click on New Application.
3. Choose one of the Office 365 apps from the drop-down menu and, if desired, set an App nickname for it. Then click on the Next button.
4. Download the certificate by clicking on the Certificate hyperlink.
5. Click on PowerShell command template for ADFS to download it.
6. Click on the Next button.
7. Enter your onmicrosoft.com domain in the App Custom URL: <your-domain>.onmicrosoft.com
8. Log into the Office 365 administration center as an administrator: https://portal.microsoftonline.com/
9. Click on Admin Center, on the left-hand side panel, and choose Domain.
10. Add a domain that you are going to use for single sign-on and go through the steps to confirm that you own the domain.
11. DO NOT add any users at this stage.
12. In the section where you are asked "How do you want to use <your domain> with Office 365?", uncheck the checked boxes next to Exchange Online and Lync Online, unless DNS entries are to be updated.
13. Make sure that the new domain is not the default domain. If the new domain is not selected as the default domain, go to step 18.
14. If the new domain is set to be the default domain, click on your company name in the top right corner.
15. Choose <your domain>.onmicrosoft.com as the Default domain.
16. SSO configuration for Office 365 requires the Windows Azure Active Directory Module for Windows PowerShell cmdlets. Download and install the cmdlets from the following link: https://technet.microsoft.com/en-us/library/jj151815.aspx

Tip: Office 365 integration for WiActs Trial and Pilot programs requires a few lines of coding. The integration for the final version, where it integrates with Windows Active Directory, is significantly simpler.

17. To complete SSO configuration, run the Set-MsolDomainAuthentication cmdlet.
18. You need to use the PowerShell command template and the certificate that you downloaded (in step 6 and 7) from WiActs Admin Dashboard.
19. To configure Office 365 SSO, customize the PowerShell command template based on the following steps and then paste the commands in the PowerShell command box.
20. Prompt for the administrator's credentials:

    $cred = Get-Credential
    Connect-MsolService -Credential $cred
WiActs No Password SSO

Tip: While you customize the PowerShell command template, where you enter your company domain for SSO, you don't need to enter https://www. Example: wiacts.com

    $domain = "<your company domain for SSO>"
    $issuer = "https://id.wiacts.com/"
    $ssourl = "https://id.wiacts.com/saml/ssoservice.aspx"
    $ecpurl = "https://id.wiacts.com/saml/ecp.aspx"
    $logoffurl = "https://id.wiacts.com/logout.aspx"

21. Locate the certificate file you downloaded in step 6 to customize the following part of the PowerShell command:

    $certificatefile = "<Address of certificate file you just downloaded>"
    $certificate = [IO.File]::ReadAllText($certificateFile)
    # String.Replace is case-sensitive, so the PEM markers must be written in upper case
    $certificate = $certificate.replace("-----BEGIN CERTIFICATE-----","")
    $certificate = $certificate.replace("-----END CERTIFICATE-----","")
    # Remove line breaks so that only the Base64 body remains
    $certificate = $certificate.replace("`r","")
    $certificate = $certificate.replace("`n","")
22. The following part of the script enables SSO for your domain:

    Set-MsolDomainAuthentication -FederationBrandName $domain -DomainName $domain -Authentication federated -PreferredAuthenticationProtocol SAMLP -IssuerUri $issuer -SigningCertificate $certificate -PassiveLogOnUri $ssourl -ActiveLogOnUri $ecpurl -LogOffUri $logoffurl -Verbose
23. See all licences:

    Get-MsolAccountSku

Tip: You need your AccountSku number to be able to add users.

24. Add user:

    New-MsolUser -UserPrincipalName <New user's email at your custom domain> -ImmutableId <New user's ImmutableId which is unique in your domain> -FirstName <New user's first name> -LastName <New user's last name> -DisplayName <New user's display name> -LicenseAssignment <your AccountSku> -UsageLocation <Country name i.e US>
Tip: The immutable ID is a unique and permanent identifier for the user. Make sure you enter this immutable ID in WiActs Dashboard as the user's ID. The user principal name is the IDPEmail. Both these values must match the Office 365 configuration for single sign-on to be successful.

Tip: To delete a user that was created by mistake, use the following script:

    Remove-MsolUser -UserPrincipalName <User's email>

Tip: The above command moves the user to the Office 365 recycle bin. To create a user with the same name, the first user must be removed from the recycle bin.

Tip: To retrieve a deleted user:

    Get-MsolUser -ReturnDeletedUsers -SearchString <User's email> | select UserPrincipalName, ObjectId

Tip: To remove a deleted user from the recycle bin:

    Remove-MsolUser -RemoveFromRecycleBin -ObjectId <objectid value>
25. On the Apps section of WiActs Admin Dashboard, select the Office 365 app that you just added.
26. Click on the Assign users button.
27. Assign users and/or groups to the app, then click on the Save Changes button.
28. On the left-hand menu, click on Users. Then double-click on the users you added in PowerShell to edit these users.
29. Enter the user's ImmutableId in the User ID field and click on the Save Changes button.

The process of Office 365 configuration is completed.
This is only required for Trial and Pilot accounts. The final solution integrates with Windows Active Directory. Therefore, the admin does not need to add users separately in WiActs Dashboard.

Troubleshooting:

The following problem, which occurs when users try to sign into Office 365, is a common one resulting from an Office 365 bug:

    Sorry, but we're having trouble signing you in. Please try again in a few minutes. If this doesn't work, you might want to contact your admin and report the following error: *********.

The solution is simply to close the browser tab you were using, then restart your browser. Then open a fresh browser tab and try to log in.

Should you have further questions, do not hesitate to contact us at support@wiacts.com

For further tutorials and videos, please visit: https://www.wiacts.com/tutorials
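A check to run after steps 21 and 22, given here as an added example that is not part of the WiActs command template: it parses the downloaded certificate as X.509, then reads back what Office 365 stored for the domain and compares it with the template values. It assumes Connect-MsolService has already been run in the session, and that the service returns the signing certificate as the same unbroken Base64 string that was submitted.

```powershell
# Added example, not part of the WiActs template.
# Placeholders are the same ones used in the template above.
$domain          = "<your company domain for SSO>"
$certificateFile = "<Address of certificate file you just downloaded>"
$issuer          = "https://id.wiacts.com/"
$ssourl          = "https://id.wiacts.com/saml/ssoservice.aspx"

# 1. Parse the file as a real X.509 certificate instead of relying on string edits alone.
$x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificateFile
"Subject    : " + $x509.Subject
"Thumbprint : " + $x509.Thumbprint   # record this in your change log
"Not after  : " + $x509.NotAfter
if ($x509.NotAfter -lt (Get-Date)) { throw "Signing certificate has expired." }

# Base64 of the DER bytes: what the PEM body is once markers and line breaks are gone.
$expected = [Convert]::ToBase64String($x509.RawData)

# 2. If $certificate from step 21 is still in scope, confirm the stripping worked.
#    A mismatch usually means a .replace() call did not match the PEM markers.
#    -cne is the case-sensitive comparison; Base64 is case-sensitive.
if ($certificate -and ($certificate.Trim() -cne $expected)) {
    throw "Template `$certificate does not match the parsed certificate."
}

# 3. Read back what Office 365 stored for the domain.
$dom = Get-MsolDomain -DomainName $domain
$fed = Get-MsolDomainFederationSettings -DomainName $domain

$problems = @()
if ($dom.Authentication -ne "Federated")    { $problems += "Domain is not federated" }
if ($dom.IsDefault)                         { $problems += "Domain is the default domain (see step 13)" }
if ($fed.IssuerUri -cne $issuer)            { $problems += "IssuerUri differs: $($fed.IssuerUri)" }
if ($fed.PassiveLogOnUri -cne $ssourl)      { $problems += "PassiveLogOnUri differs: $($fed.PassiveLogOnUri)" }
if ($fed.SigningCertificate -cne $expected) { $problems += "Stored signing certificate differs from the downloaded file" }

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ } }
else { "Federation settings for $domain match the template and certificate." }
```

The signing certificate is what Office 365 uses to validate SAML responses for the domain, so a mismatch reported in part 3 should be resolved before any users are assigned.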