Adding Office 365 - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>Note: Once this integration is enabled, all access to Office 365 will require the use of MFA via SSO. </strong></p> <p><strong>Note</strong>: Hybrid Office 365 deployments are not supported. If you are using a hosted Exchange Server with an Office 365 domain, this integration is not compatible.</p> <p><strong>Note: </strong>Office 365 domains configured via ADFS (Active Directory Federation Services) are not compatible.</p> <p><strong>Note</strong>: Using a Server 2012 Essentials server that has been federated with Office 365 is not compatible with this integration.</p> <p><strong>Note</strong>: Trial versions of Office 365 are not compatible with this integration.</p> <p><strong>Note</strong>: Use of a @company.onmicrosoft.com user account to manage the federated domain is required.</p> <p><strong>Note</strong>: Thick Clients will need to support and have <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fblogs.office.com%2Fen-us%2F2015%2F11%2F19%2Fupdated-office-365-modern-authentication-public-preview%2F" rel="noopener noreferrer nofollow">Modern Authentication</a> enabled to allow a federated login. 
</p> <p><strong>Setting up Office 365 in your Passly Tenant</strong></p> <ol><li>Select <strong>Directory Manager</strong>.</li> <li>Select <strong>Groups</strong>.<br>Select the Blue plus sign in the bottom right corner.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/VZNFFR9D4XB1/kb2-png.png" alt="kb2.PNG" width="53" height="52" class="embedImage-img importedEmbed-img"></img><br>Name the Group <strong>Office 365</strong> <strong>Users</strong>.<br><strong>Note</strong>: If you have other existing Groups for SSO users you can use one of these as well.<br>Select <strong>ADD GROUP</strong>.</li> <li>Select <strong>SSO Manager</strong>.</li> <li>Select the Blue plus sign in the bottom right corner.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/VZNFFR9D4XB1/kb2-png.png" alt="kb2.PNG" width="53" height="52" class="embedImage-img importedEmbed-img"></img></li> <li>Select the Catalog Icon.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/785PIEKRBUCP/kb4-png.png" alt="kb4.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Office 365.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/WF3E6DGLWL2I/o2-png.png" alt="o2.PNG" class="embedImage-img importedEmbed-img"></img><br></strong> </li> <li>Set your Microsoft Office 365 Online settings. 
You will need to enter the following.<br><strong>Managed Domain:</strong><br><strong>Your @company.onmicrosoft.com username</strong><br><strong>Password:<br></strong> <p>Passly supports federated sign-in and synchronization with Office 365, which is also known as Microsoft Online Services or Microsoft Azure Active Directory.</p> <p>Federation is configured with these settings.<br>Managed Domain: This is the domain used to identify the tenant<br>Management Username: The *.onmicrosoft.com administrative account username used to synchronize user details<br>Password: The management account password</p> <strong><br><img src="https://us.v-cdn.net/6032361/uploads/migrated/H1ZHT3QC37YF/o3-png.png" alt="o3.PNG" class="embedImage-img importedEmbed-img"></img><br></strong> <p> </p> </li> <li>Select <strong>Verify Compatibility</strong>. You should see the following message if the domain information is successfully verified.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/0OP4N3TM90FZ/o6-png.png" alt="o6.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Set your desired Deep Linking into Office 365 Applications.<br>Select which applications should show up on the launchpad so users can launch directly into them.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/EYVYP38SNBJC/o5-png.png" alt="o5.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Application Configuration</strong>.<br>Ensure that the Application is enabled.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/FWK0HI6D3AGS/o4-png.png" alt="o4.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Select the desired <strong>Authentication Policy</strong>.<br><img src="https://helpdesk.kaseya.com/hc/article_attachments/360040117792/wordpress3.PNG" alt="" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Add Application</strong>.</li> <li>Select 
<strong>Office 365</strong>.</li> <li> <strong>Configure Synchronization</strong>.<br>Passly supports synchronizing from the Universal Directory to Office 365.<br><strong>Enable Synchronization</strong>: Enable or disable synchronizing the Universal Directory with Office 365.<br><strong>UserName Mapping</strong>: The Passly attribute used in place of the user's User Principal Name.<br><strong>Default User License</strong>: A license can be applied to users when provisioned if Office 365 has been enabled.</li> <li>Select <strong>Permissions</strong>.</li> <li>Select <strong>Add Groups.<br></strong>Select the <strong>Group</strong> you chose in Step 2.</li> <li>Select <strong>Save Changes</strong>.</li> </ol><p> </p> <p><strong>Advanced Settings</strong></p> <p><strong>Prerequisites for Configuring Office 365 Federation</strong></p> <ul><li><strong><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3FLinkId%3D286152">Microsoft Online Service Sign-in Assistant for IT Professionals RTW </a></strong></li> <li> <strong><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2Fp%2F%3Flinkid%3D236297">Windows Azure Active Directory Module for Windows PowerShell (64-bit version)</a></strong> </li> </ul><p><strong><br>Configuring Office 365 Federation</strong></p> <ol><li>Open PowerShell and connect to the Office 365 services.<pre><code># Placeholder: the *.onmicrosoft.com management account for the tenant
$creds = Get-Credential -UserName "&lt;user&gt;@&lt;company&gt;.onmicrosoft.com" -Message "Configure Office 365 Federation"
# Sign in to the MSOnline service with those credentials
Connect-MsolService -Credential $creds</code></pre></li> <li>Execute the following script. This will enable federation with the required Passly settings. 
<pre><code># Placeholder: the Office 365 domain being federated (the Managed Domain)
$domain = "&lt;managed-domain&gt;"
# Passly federation endpoints for the tenant
$issuer = "https://&lt;My-Tenant&gt;.my.passly.com/trust"
$passiveLogon = "https://&lt;My-Tenant&gt;.my.passly.com/trust/launch"
$activeLogon = "https://&lt;My-Tenant&gt;.my.passly.com/services/trust/2005/mixed"
$mexUri = "https://&lt;My-Tenant&gt;.my.passly.com/services/trust/mex"
# Placeholder: the signing certificate shown in the tenant
$signingCert = "&lt;signing-certificate&gt;"

# Apply the federation settings to the domain
Set-MsolDomainFederationSettings -DomainName $domain -IssuerUri $issuer -PassiveLogOnUri $passiveLogon -ActiveLogOnUri $activeLogon -MetadataExchangeUri $mexUri -SigningCertificate $signingCert</code></pre><strong>Note</strong>: The actual Signing cert will be displayed in the tenant when you Add the Application.<br><strong>Note</strong>: Replace &lt;My-Tenant&gt; with your actual On-Demand tenant.<br></li> <li>Verify the configuration was applied. 
Run this command and check that the output matches the parameters specified above.<pre><code>Get-MsolDomainFederationSettings -DomainName $domain</code></pre></li> </ol><p> </p> <p><strong>Username attributes</strong></p> <p>If you are using a non-email format for your Passly usernames like the following:</p> <ul><li>john.smith</li> <li>jsmith</li> </ul><p>You might need to add a suffix to the organization to enable MFA authentications from thick clients like Skype for Business / Outlook.</p> <p>Follow these steps to add a Suffix to the organization to support the use of non-email address usernames.</p> <ol><li>Select <strong>Directory Manager</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/0CH6DEAEPILT/1-png.png" alt="1.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Organizations</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/CH17I8MTDFLU/2-png.png" alt="2.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Select the target organization.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/XCNMLLR2IO78/3-png.png" alt="3.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Select <strong>Edit</strong>.<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/LVR7SMBHCJXZ/5-png.png" alt="5.PNG" class="embedImage-img importedEmbed-img"></img></li> <li>Add the <strong>Principal Name Suffix</strong> to include the @domain. Example:<br><img src="https://us.v-cdn.net/6032361/uploads/migrated/7AYQUW5SFL0P/4-png.png" alt="4.PNG" class="embedImage-img importedEmbed-img"></img><br><strong>Note</strong>: Use the Office 365 domain that you are federating for the Principal Name Suffix including the @ symbol. </li> <li>Select <strong>Save changes</strong>.</li> </ol> </article> </main>
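<p>The verification step of Configuring Office 365 Federation asks you to compare the applied settings with the parameters by eye. The script below is an added example, not Passly or Microsoft code, that does the comparison field by field; <code>Test-FederationSettings</code> is a hypothetical helper name, and the tenant, domain and certificate values are placeholders.</p>

```powershell
# Added example, not Passly or Microsoft code. Assumes Connect-MsolService has
# already been run. Test-FederationSettings is a hypothetical helper name and
# every value in angle brackets is a placeholder to replace.
function Test-FederationSettings {
    param(
        [Parameter(Mandatory)] [string]    $DomainName,
        [Parameter(Mandatory)] [hashtable] $Expected
    )

    $actual = Get-MsolDomainFederationSettings -DomainName $DomainName
    if (-not $actual) {
        throw "No federation settings returned for $DomainName"
    }

    foreach ($name in ($Expected.Keys | Sort-Object)) {
        # Strip whitespace so a certificate pasted with line breaks compares
        # equal to the single-line base64 value the service returns.
        $want = [string]$Expected[$name] -replace '\s', ''
        $have = [string]$actual.$name -replace '\s', ''
        [pscustomobject]@{
            Setting = $name
            Match   = ($want -ceq $have)   # case-sensitive: base64 text is
            Actual  = $have.Substring(0, [Math]::Min(60, $have.Length))
        }
    }
}

$tenant   = '<My-Tenant>'
$expected = @{
    IssuerUri           = "https://${tenant}.my.passly.com/trust"
    PassiveLogOnUri     = "https://${tenant}.my.passly.com/trust/launch"
    ActiveLogOnUri      = "https://${tenant}.my.passly.com/services/trust/2005/mixed"
    MetadataExchangeUri = "https://${tenant}.my.passly.com/services/trust/mex"
    SigningCertificate  = '<signing-certificate>'
}

$report = Test-FederationSettings -DomainName '<managed-domain>' -Expected $expected
$report | Format-Table -AutoSize

# Fail loudly if any setting differs from what the procedure configured.
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Error ("Federation settings differ: " + ($drift.Setting -join ', '))
}
```

<p>Re-running the same comparison on a schedule also surfaces later, unplanned changes to the domain's issuer, logon endpoints or signing certificate.</p>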