Office 365
This describes the steps necessary to complete the Office 365 integration when using the rapid setup guide in TozID.
Last updated
This describes the steps necessary to complete the Office 365 integration when using the rapid setup guide in TozID.
Last updated
Your Tozny account - create one free here
Admin access to your Office 365 account
Custom domain to use for Office 365
About 15 minutes to complete the setup
Create a new client application in TozID by logging into your realm, navigating to clients, select "create" and choose "Office 365".
Login to your Office 365 admin account(https://admin.microsoft.com/). Click "Settings" then "Domains" from the left menu. Click on "Add Domain" and follow the steps to verify it's ownership.
Once domain verification is completed and the domain added, then follow below steps.
To run script,
Install MSOnline Module. Run "Install-Module MSOnline" command
Import MSOnline Module. Run "Import-Module MSOnline" command
Connect Office 365 account. Run "Connect-MsolService" command, it will open login screen for Office 365 account.
Run below script.
Configure the following values in powershell script:
Replace placeholders(<field-name>) with values in below powershell script and run it.
Get Signing Certificate from your Realm Settings.
Immutable Id's are unique ID for the user which will be auto created inside your realm user attribute when they try to login before the user is being created. Go to office 365 login in incognito window and put user email address in login screen, it will redirect to "TozID" login page. That's it. ImmutableId will be created for that user inside User Attribute with the key "saml.persistent.name.id.for.urn:federation:MicrosoftOnline".
Select save and ensure your users are correctly configured in TozID and in Office 365. Once completed, users should be able to sign in to Office 365 account with TozID. Having issues? Reach us at support@tozny.com
| Field | Value |
|---|---|
| Field | Value |
|---|---|
DomainName
Domain name which is added at Office 365 admin.
FederationBrandName
Any Name Example: "MS Office SAML".
Authentication
Static value "Federated".
PassiveLogOnUri
https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml
ActiveLogOnUri
https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml
SigningCertificate
X.509 Certificate
IssuerUri
https://staging.id.tozny.com/auth/realms/<realm-name>
LogOffUri
https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml
PreferredAuthenticationProtocol
Static value "SAMLP".
UserPrincipalName
Email address of the user. Should be of federated domain.
ImmutableId
Immutable Id from Office 365 created inside your realm user.
DisplayName
Fullname of the user.
FirstName
Firstname of the user.
LastName
Lastname of the user.
