
014 O365SSOlogin

Logging into O365 with ZTAA as SSO

Office 365 SSO integration by Instasafe ZTAA provides secure access and full control over multiple Web and SaaS applications for enterprise users and clients. With ZTAA as the identity provider, users Single Sign-On into their Office 365 account with one set of login credentials, eliminating user-managed passwords and reducing the risk of phishing. The Single Sign-On setup for Office 365 leverages the existing on-premise Active Directory infrastructure and provides seamless integration without the need to manage separate on-premise and cloud identities.

In addition to SSO for Office 365, users have one-click access to all their apps. The requirement to secure Office 365 also led us to introduce an enhanced Office 365 Two-Factor Authentication solution.

Import Users from Azure AD 

Users need to be synced from Azure AD so that ZTAA recognises them and pulls in their details. Profiles for O365 users already exist in Azure AD.


Steps to Sync Azure AD profile

To sync users from Azure AD to ZTAA, an admin needs to log in to Azure AD via the ZTAA console:

1- Log in as an admin and go to Identity Management.

2- Log in to Azure via an admin account.

3- Set a Default Password for all users (Optional). A default password shared by every imported user is a weak credential; if you set one, treat it as temporary and make sure it is changed before the accounts are used.

4- Click the Sync button to import the users.

Adding Users via Azure

Note: search for an individual user name to confirm that the users have been imported successfully.

Configuring ZTAA as IDP

  1. Go to Identity Provider and configure a SAML profile for O365.

| Basic SAML Configuration setting | SP Initiated | IdP-Initiated | Description |
| --- | --- | --- | --- |
| Identifier (Entity ID) | Required for some apps | Required for some apps | Uniquely identifies the ZTAA IdP. It is carried in the SAML token, and the receiving side is expected to validate it. This is the value supplied later as the IdP Entity ID when configuring O365 as the SP. |
| ACS URL (Reply URL/Redirection URL) | Required | Required | The Assertion Consumer Service URL is where the application (O365) expects to receive the SAML token. Take it from the Azure federation metadata file; for Office 365 this is the login.srf endpoint on login.microsoftonline.com. |
| IDP URL and Logout URL | Required | Auto generated | Generated once ZTAA has been configured successfully as the IdP. Copy them after configuration; they are needed when configuring the SP. |


  • The IDP certificate and private key can be auto-generated in the console.
  • The Subject ID field, which defaults to email, has to be changed to Custom Attribute.
  • Subject ID format has to be set.
  • The Custom attribute field must be set to “ext.onPremiseImmutableId” (O365 matches the SAML subject against the user's ImmutableId, so any other attribute will fail the login).
  • The SP certificate can be the same as the IDP certificate.


Setting up O365 as SP

Unlike other SaaS applications, O365 has no user interface for SAML settings; the configuration has to be carried out through PowerShell.

  1. Run the command “Connect-MsolService” and enter admin credentials in the popup.

  2. Run the command “Get-MsolDomainFederationSettings” to see the current settings.

  3. Set the variables to the values given below.

  • $dom = Domain name of O365 for which SAML has to be configured
  • $BrandName = Any brand name
  • $LogOnUrl = the IDP URL generated above
  • $MyURI = the IdP Entity ID (Identifier) captured in step 1 of the IdP configuration
  • $MySigningCert = the IDP certificate (its base64 body, without PEM header and footer lines)
  • $Protocol = SAMLP (the value Set-MsolDomainAuthentication accepts for SAML 2.0)
  • $logOffUri = the Logout URL generated above
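The following PowerShell ties the variables above together into the Set-MsolDomainAuthentication call that switches the domain from Managed to Federated, reads the settings back, and confirms that a synced user carries the ImmutableId the SAML subject is matched against. It is added here as an example and is not code from the page or from Instasafe; the domain name, URLs, certificate path and user name are placeholders for the values in your own ZTAA IdP profile.

```powershell
# Added example, not from the original page or from Instasafe.
# Federates an O365 domain with ZTAA as the SAML 2.0 IdP using the MSOnline module.
Import-Module MSOnline
Connect-MsolService                                        # prompts for a Global Administrator account

$dom        = "example.com"                                # assumed: your verified O365 domain
$BrandName  = "Instasafe ZTAA"                             # display name only
$LogOnUrl   = "https://ztaa.example.com/saml/sso"          # assumed: IDP URL from the ZTAA console
$LogOffUri  = "https://ztaa.example.com/saml/slo"          # assumed: Logout URL from the ZTAA console
$MyURI      = "https://ztaa.example.com/saml/metadata"     # assumed: IdP Entity ID from step 1
$Protocol   = "SAMLP"                                      # SAML 2.0; "WsFed" is the only other accepted value

# The signing certificate is passed as the base64 body of the IdP certificate only:
# strip the BEGIN/END lines and all whitespace from the exported PEM file.
$pem = Get-Content -Path ".\ztaa-idp.cer" -Raw            # assumed path to the exported IdP certificate
$MySigningCert = ($pem -replace "-----(BEGIN|END) CERTIFICATE-----", "") -replace "\s", ""

# Checks before touching the domain: it must be verified, and the tenant's
# initial *.onmicrosoft.com domain cannot be federated.
$domain = Get-MsolDomain -DomainName $dom
if ($domain.Status -ne "Verified") { throw "$dom is not verified in this tenant" }
if ($domain.IsInitial)             { throw "$dom is the initial domain and cannot be federated" }

# Convert the domain from Managed to Federated. Every user in $dom will now be
# redirected to $LogOnUrl, so run this in a test domain first.
Set-MsolDomainAuthentication -DomainName $dom `
    -Authentication Federated `
    -FederationBrandName $BrandName `
    -IssuerUri $MyURI `
    -PassiveLogOnUri $LogOnUrl `
    -LogOffUri $LogOffUri `
    -SigningCertificate $MySigningCert `
    -PreferredAuthenticationProtocol $Protocol
# Optional (assumed endpoint): add -ActiveLogOnUri "https://ztaa.example.com/saml/ecp"
# if ZTAA publishes an ECP endpoint for non-browser (active) clients.

# Read back what the tenant recorded and compare it with the ZTAA profile.
Get-MsolDomainFederationSettings -DomainName $dom |
    Select-Object FederationBrandName, IssuerUri, PassiveLogOnUri, LogOffUri, PreferredAuthenticationProtocol

# O365 matches the SAML NameID against the user's ImmutableId, which is why the
# ZTAA Subject ID is mapped to ext.onPremiseImmutableId. A synced user with an
# empty ImmutableId cannot log in, so check one before testing in the browser.
Get-MsolUser -UserPrincipalName "user@$dom" |             # assumed test user
    Select-Object UserPrincipalName, ImmutableId

# Rollback if users are locked out: revert the domain to cloud (Managed) authentication.
# Set-MsolDomainAuthentication -DomainName $dom -Authentication Managed
```

The MSOnline module is deprecated by Microsoft in favour of Microsoft Graph PowerShell, but the Msol cmdlets are the ones this procedure uses. Keep the commented rollback line at hand: once the domain is federated, a wrong IssuerUri, certificate or NameID mapping locks every user in the domain out of Office 365 until it is corrected or reverted.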

Signing into Office Account

  1. After configuration, visit portal.office.com and enter your username.

  2. You will be redirected to the ZTAA authentication page. Check that the browser address bar shows your ZTAA host before entering your credentials.

Upon successful authentication you are logged in to your Office account.
