Office 365

This page describes the steps needed to complete the Office 365 integration when using the rapid setup guide in TozID.


Last updated 2 years ago


What You'll Need

  • Your Tozny account (you can create one for free if you don't have one yet)

  • Admin access to your Office 365 account

  • Custom domain to use for Office 365

  • About 15 minutes to complete the setup

Configure TozID

Create a new client application in TozID by logging into your realm, navigating to Clients, selecting "Create", and choosing "Office 365".

Configure Office 365

Log in to your Office 365 admin account (https://admin.microsoft.com/). Click "Settings", then "Domains" in the left menu. Click "Add Domain" and follow the steps to verify ownership of the domain.

Once the domain has been verified and added, follow the steps below.

Step 1: Federate your Office 365 custom domain through PowerShell.

To run the script:

  1. Install the MSOnline module: run the "Install-Module MSOnline" command.

  2. Import the MSOnline module: run the "Import-Module MSOnline" command.

  3. Connect to your Office 365 account: run the "Connect-MsolService" command. It opens a login screen for your Office 365 admin account.

  4. Run the script below.

Set the following values in the PowerShell script:

| Field | Value |
|---|---|
| DomainName | The domain name you added in the Office 365 admin center. |
| FederationBrandName | Any name, for example "MS Office SAML". |
| Authentication | Static value "Federated". |
| PassiveLogOnUri | https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml |
| ActiveLogOnUri | https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml |
| SigningCertificate | The realm's X.509 certificate. |
| IssuerUri | https://staging.id.tozny.com/auth/realms/<realm-name> |
| LogOffUri | https://staging.id.tozny.com/auth/realms/<realm-name>/protocol/saml |
| PreferredAuthenticationProtocol | Static value "SAMLP". |

Replace the placeholders (<field-name>) in the PowerShell script below with your values, then run it.

```powershell
Set-MsolDomainAuthentication `
  -DomainName <domain-name> `
  -FederationBrandName <federation-brand-name> `
  -Authentication Federated `
  -PassiveLogOnUri <passive-log-on-uri> `
  -ActiveLogOnUri <active-log-on-uri> `
  -SigningCertificate <signing-certificate> `
  -IssuerUri <issuer-uri> `
  -LogOffUri <log-off-uri> `
  -PreferredAuthenticationProtocol "SAMLP"
```

Get the signing certificate from your Realm Settings.
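The following is an added example, not Tozny's own script: it derives the TozID URLs from the realm name, loads the realm certificate from a file, runs the federation command from Step 1, and then reads the settings back from Office 365 to confirm the domain is federated to the expected realm. It assumes steps 1 to 3 above have already been completed in the same session; `$RealmName`, `$DomainName` and `$CertPath` are placeholders.

```powershell
# Added example (not Tozny's script): federate the domain, then verify the result.
# Assumes MSOnline is imported and Connect-MsolService has already been run.
$RealmName  = '<realm-name>'                       # placeholder: your TozID realm
$DomainName = '<domain-name>'                      # placeholder: domain added in Office 365 admin
$CertPath   = 'C:\path\to\tozid-realm-cert.pem'    # placeholder: certificate from Realm Settings

$RealmBase = "https://staging.id.tozny.com/auth/realms/$RealmName"
$SamlUri   = "$RealmBase/protocol/saml"

# -SigningCertificate expects the certificate as one base64 string, so drop the
# PEM armor lines and line breaks if the file was saved in PEM form.
$SigningCert = (Get-Content -Path $CertPath |
    Where-Object { $_ -notmatch '^-----(BEGIN|END) CERTIFICATE-----$' }) -join ''

Set-MsolDomainAuthentication `
    -DomainName $DomainName `
    -FederationBrandName 'MS Office SAML' `
    -Authentication Federated `
    -PassiveLogOnUri $SamlUri `
    -ActiveLogOnUri $SamlUri `
    -SigningCertificate $SigningCert `
    -IssuerUri $RealmBase `
    -LogOffUri $SamlUri `
    -PreferredAuthenticationProtocol SAMLP

# Verify: the domain must now report Authentication = Federated, and the
# federation settings must echo the realm URLs and certificate supplied above.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne 'Federated') {
    throw "Domain $DomainName is still '$($domain.Authentication)', not Federated"
}
$fed = Get-MsolDomainFederationSettings -DomainName $DomainName
if ($fed.IssuerUri -ne $RealmBase -or $fed.PassiveLogOnUri -ne $SamlUri) {
    throw "Federation settings for $DomainName do not point at realm '$RealmName'"
}
if ($fed.SigningCertificate -ne $SigningCert) {
    throw "Signing certificate on $DomainName differs from the realm certificate"
}
Write-Host "Domain $DomainName is federated to TozID realm '$RealmName'"
```

Running the verification again after any later change to the realm certificate is a quick way to catch a domain that is still trusting an old signing certificate.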

Step 2: Add Office 365 users through PowerShell (the user's email address must be in the federated domain)

| Field | Value |
|---|---|
| UserPrincipalName | Email address of the user. Must be in the federated domain. |
| ImmutableId | Immutable ID from Office 365, created as an attribute of the user inside your realm. |
| DisplayName | Full name of the user. |
| FirstName | First name of the user. |
| LastName | Last name of the user. |

```powershell
New-MsolUser `
  -UserPrincipalName <email-address> `
  -ImmutableId <immutable-id> `
  -DisplayName "<full-name>" `
  -FirstName <first-name> `
  -LastName <last-name>
```

ImmutableId

Immutable IDs are unique IDs for the user. They are created automatically as a user attribute inside your realm when the user first attempts to log in, before the Office 365 user has been created. Open the Office 365 login page in an incognito window and enter the user's email address; it will redirect to the TozID login page. That's it. The ImmutableId will be created for that user as a User Attribute with the key "saml.persistent.name.id.for.urn:federation:MicrosoftOnline".

Step 3: Log in to your Office 365 admin account and assign app licenses to the created users.

Wrapping Up

Select Save and ensure your users are correctly configured in both TozID and Office 365. Once completed, users should be able to sign in to their Office 365 account with TozID. Having issues? Contact us at support@tozny.com
