Office 365
This page describes the steps needed to complete the Office 365 integration when using the rapid setup guide in TozID. You will need:
- Admin access to your Office 365 tenant
- A custom domain to federate with Office 365
- About 15 minutes to complete the setup
Create a new client application in TozID: log in to your realm, navigate to Clients, select "Create", and choose "Office 365".

Create Office 365 Client Screen
Log in to the Office 365 admin center (https://admin.microsoft.com/). Click "Settings", then "Domains", in the left menu. Click "Add Domain" and follow the steps to verify its ownership.

Add domain in Office 365 Admin
Once the domain has been verified and added, configure federation for it with the MSOnline PowerShell module:
- 1. Install the MSOnline module: run "Install-Module MSOnline".
- 2. Import the module: run "Import-Module MSOnline".
- 3. Connect to your Office 365 tenant: run "Connect-MsolService". This opens the Office 365 login screen; sign in with an admin account.
- 4. Run the script below.
Note: Microsoft has deprecated the MSOnline module in favor of the Microsoft Graph PowerShell SDK; the steps here use the MSOnline cmdlets this guide was written against.
Configure the following values in the PowerShell script:
Field | Value |
---|---|
DomainName | The domain you added in the Office 365 admin center. |
FederationBrandName | Any descriptive name, for example "MS Office SAML". |
Authentication | Static value "Federated". |
PassiveLogOnUri | https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml |
ActiveLogOnUri | https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml |
SigningCertificate | The base64 body of the realm's X.509 signing certificate (from Realm Settings), without the BEGIN/END CERTIFICATE lines. |
IssuerUri | https://staging.id.tozny.com/auth/realms/<realm-name> |
LogOffUri | https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml |
PreferredAuthenticationProtocol | Static value "SAMLP". |
Replace the placeholders (<field-name>) in the PowerShell script below with your values and run it:

```powershell
# Federate the domain with your TozID realm (placeholders in <> must be replaced)
Set-MsolDomainAuthentication `
-DomainName <domain-name> `
-FederationBrandName <federation-brand-name> `
-Authentication Federated `
-PassiveLogOnUri <passive-log-on-uri> `
-ActiveLogOnUri <active-log-on-uri> `
-SigningCertificate <signing-certificate> `
-IssuerUri <issuer-uri> `
-LogOffUri <log-off-uri> `
-PreferredAuthenticationProtocol "SAMLP"
```

Get the signing certificate from your Realm Settings.
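The following script is an added example, not code from the TozID documentation. It carries steps 1 to 4 above through end to end: it reads the certificate file downloaded from Realm Settings, converts it to the single base64 string Set-MsolDomainAuthentication expects, derives the URIs from the realm name, and then reads the federation settings back to confirm the tenant stored the certificate you intended. The domain name, realm name, certificate path and brand name are placeholders you must replace; the staging hostname is the one this guide uses.

```powershell
# Added example (not TozID's own code): configure federation for one domain and verify it.
# Assumptions: $DomainName, $RealmName and $CertPath are placeholders; the hostname is the
# staging hostname used elsewhere in this guide.
Import-Module MSOnline
Connect-MsolService                      # interactive login with an Office 365 admin account

$DomainName = 'example.com'              # federated domain added in the Office 365 admin center
$RealmName  = 'my-realm'                 # your TozID realm name
$CertPath   = '.\tozid-realm.pem'        # X.509 certificate file downloaded from Realm Settings

# Set-MsolDomainAuthentication expects the base64 body of the DER certificate as one string,
# so strip the PEM armor and all whitespace. Parsing the result first catches a truncated
# or wrong file before anything is sent to the tenant.
$pem  = Get-Content -Path $CertPath -Raw
$b64  = $pem -replace '-----BEGIN CERTIFICATE-----', '' -replace '-----END CERTIFICATE-----', '' -replace '\s', ''
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($b64))
Write-Host "Signing certificate: $($cert.Subject); thumbprint $($cert.Thumbprint); expires $($cert.NotAfter)"
if ($cert.NotAfter -lt (Get-Date)) {
    throw 'The realm signing certificate has expired; rotate it in TozID before federating.'
}

$Base = "https://staging.id.tozny.com/auth/realms/$RealmName"
Set-MsolDomainAuthentication `
    -DomainName $DomainName `
    -FederationBrandName 'TozID SAML' `
    -Authentication Federated `
    -PassiveLogOnUri "$Base/protocol/saml" `
    -ActiveLogOnUri "$Base/protocol/saml" `
    -SigningCertificate $b64 `
    -IssuerUri $Base `
    -LogOffUri "$Base/protocol/saml" `
    -PreferredAuthenticationProtocol SAMLP

# Read the settings back: the certificate the tenant trusts must be exactly the TozID one,
# otherwise assertions will be rejected (or, worse, a stale certificate stays trusted).
$fed    = Get-MsolDomainFederationSettings -DomainName $DomainName
$stored = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($fed.SigningCertificate))
if ($stored.Thumbprint -ne $cert.Thumbprint) {
    throw "Stored signing certificate ($($stored.Thumbprint)) does not match the TozID certificate ($($cert.Thumbprint))."
}
if ((Get-MsolDomain -DomainName $DomainName).Authentication -ne 'Federated') {
    throw "$DomainName is still a managed domain."
}
"Federation configured for $DomainName; issuer $($fed.IssuerUri)"
```

The thumbprint comparison is the check to repeat whenever the realm's signing certificate is rotated: re-run the script with the new PEM file, and the old certificate is replaced rather than left trusted beside the new one.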

TozID X.509 Certificate File
Next, create each user in Office 365 with New-MsolUser. Configure the following values:
Field | Value |
---|---|
UserPrincipalName | Email address of the user. It must be in the federated domain. |
ImmutableId | The ImmutableId generated for the user inside your TozID realm (see below). |
DisplayName | Full name of the user. |
FirstName | First name of the user. |
LastName | Last name of the user. |

```powershell
# Create the federated user in Office 365 (placeholders in <> must be replaced)
New-MsolUser `
-UserPrincipalName <email-address> `
-ImmutableId <immutable-id> `
-DisplayName "<full-name>" `
-FirstName <first-name> `
-LastName <last-name>
```
The ImmutableId is the unique identifier Office 365 matches against the persistent NameID in the SAML assertion from TozID, so it is what binds an Office 365 account to a realm user. TozID generates it automatically as a user attribute the first time that user attempts to sign in, before the Office 365 account exists: open the Office 365 login page in an incognito window, enter the user's email address, and you will be redirected to the TozID login page. That's it. The ImmutableId is now stored in the realm user's attributes under the key "saml.persistent.name.id.for.urn:federation:MicrosoftOnline"; copy that value into the New-MsolUser command above. Each user must have their own value, because a wrong ImmutableId maps the user's sign-in to the wrong account or rejects it.
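The following script is an added example, not code from the TozID documentation. It provisions a batch of federated users from an inline list and checks the ImmutableId mapping before and after creation: it refuses a batch containing duplicate ImmutableIds, refuses to create an account whose ImmutableId is already bound to a different UserPrincipalName, confirms the UPN domain is actually federated, and reads each user back to confirm the stored value. The sample users, their ImmutableId placeholders and the usage location are constructed for illustration; the placeholders stand for values copied from each realm user's "saml.persistent.name.id.for.urn:federation:MicrosoftOnline" attribute.

```powershell
# Added example (not TozID's own code): provision federated users and verify their ImmutableIds.
# Assumptions: the $users list is constructed sample data; replace the UPNs, names and
# ImmutableId placeholders with values from your realm.
Import-Module MSOnline
Connect-MsolService

$users = @(
    @{ Upn = 'alice@example.com'; ImmutableId = 'PASTE-ALICE-IMMUTABLE-ID'; First = 'Alice'; Last = 'Smith'; Location = 'US' },
    @{ Upn = 'bob@example.com';   ImmutableId = 'PASTE-BOB-IMMUTABLE-ID';   First = 'Bob';   Last = 'Jones'; Location = 'US' }
)

# The ImmutableId is what Office 365 matches against the persistent NameID in the TozID
# assertion, so every account needs its own value. Reject the batch before touching the tenant.
$dupes = $users | Group-Object -Property { $_.ImmutableId } | Where-Object Count -gt 1
if ($dupes) { throw "Duplicate ImmutableId in batch: $($dupes.Name -join ', ')" }

$existing = Get-MsolUser -All
foreach ($u in $users) {
    # A user in a managed (non-federated) domain would authenticate with a cloud password,
    # bypassing TozID entirely.
    $domain = ($u.Upn -split '@')[1]
    if ((Get-MsolDomain -DomainName $domain).Authentication -ne 'Federated') {
        throw "$domain is not a federated domain; $($u.Upn) would not sign in through TozID."
    }
    # Never bind one TozID identity to a second Office 365 account.
    $clash = $existing | Where-Object { $_.ImmutableId -eq $u.ImmutableId -and $_.UserPrincipalName -ne $u.Upn }
    if ($clash) { throw "ImmutableId $($u.ImmutableId) is already bound to $($clash.UserPrincipalName)" }
    if ($existing | Where-Object UserPrincipalName -eq $u.Upn) {
        Write-Host "$($u.Upn) already exists; skipping"
        continue
    }
    New-MsolUser `
        -UserPrincipalName $u.Upn `
        -ImmutableId $u.ImmutableId `
        -DisplayName "$($u.First) $($u.Last)" `
        -FirstName $u.First `
        -LastName $u.Last `
        -UsageLocation $u.Location | Out-Null    # UsageLocation is required before a license can be assigned
    Write-Host "Created $($u.Upn)"
}

# Read each account back: the stored ImmutableId must equal the realm attribute value,
# otherwise the SAML NameID will not match and sign-in fails for that user.
foreach ($u in $users) {
    $m = Get-MsolUser -UserPrincipalName $u.Upn
    if ($m.ImmutableId -ne $u.ImmutableId) { throw "ImmutableId mismatch for $($u.Upn): tenant has '$($m.ImmutableId)'" }
    Write-Host "$($u.Upn) -> ImmutableId $($m.ImmutableId) OK"
}
```

Setting UsageLocation at creation time is what lets the license assignment in the next step succeed; without it, Office 365 refuses to assign a license to the account.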

Office 365 Assign Licenses
Assign the licenses and select Save, then make sure each user is configured consistently in TozID and in Office 365 (matching email address and ImmutableId). Once that is done, users should be able to sign in to their Office 365 account with TozID. Having issues? Reach us at [email protected]