Enabling Single Sign-On to Microsoft Office 365

To enable single sign-on to Office 365, perform the following tasks:

Enabling Directory Synchronization in Office 365

  1. Log in to the domain-joined computer where you have installed the following components:

    • Microsoft Online Services Sign-in Assistant.

    • Microsoft Azure Active Directory Module for Windows PowerShell.

    • Azure AD Connect tool.

  2. Launch Azure AD Connect on the domain-joined computer.

  3. In Express Settings, click Use express settings.

  4. In User Sign-in, select Do not Configure.

  5. Click Next.

  6. Specify the Azure AD global administrator credentials in Connect to Azure AD.

  7. Click Next.

  8. In Identifying users, select Choose a specific attribute.

  9. Select objectGUID.

  10. Verify the Active Directory synchronization and activate the Office 365 licensing for the unlicensed but synchronized user.

Federating the Custom Domain Using Advanced Authentication

  1. Launch Windows PowerShell.

  2. Run the following command to connect to your Office 365 tenant:

    Connect-MsolService

  3. Specify the tenant administrator credentials of your Office 365 domain.

  4. Click Sign in.

  5. Run the following command to verify whether your Office 365 domain is federated:

    get-msoldomain -domain samplecompany.com

    In this example, get-msoldomain -domain realticsol.com

    If the authentication type of your Office 365 domain is set to Federated, you must convert the authentication type to Managed using the following command:

    Set-MsolDomainAuthentication -DomainName realticsol.com -Authentication Managed

  6. Run the following commands:

    • $dom="fully_qualified_domain_name"

      In this example, $dom="realticsol.cf".

    • $uri="https://AdvancedAuthenticationServerAddress/osp/a/TOP/auth/saml2/metadata"

      In this example, $uri="https://caf.realticsol.cf/osp/a/TOP/auth/saml2/metadata"

    • $url="https://AdvancedAuthenticationServerAddress/osp/a/TOP/auth/saml2/sso"

      In this example, $url="https://caf.realticsol.cf/osp/a/TOP/auth/saml2/sso"

    • $logoutUrl="https://AdvancedAuthenticationServerAddress/osp/a/TOP/auth/saml2/slo"

      In this example, $logoutUrl="https://caf.realticsol.cf/osp/a/TOP/auth/saml2/slo"

    • $protocol="SAMLP"

    • $cert="paste the signing certificate copied from Server options of Advanced Authentication."

  7. Run the following command to convert your Office 365 domain to Federated authentication:

    Set-MsolDomainAuthentication -DomainName $dom -Authentication Federated -PassiveLogOnUri $url -IssuerUri $uri -LogOffUri $logoutUrl -PreferredAuthenticationProtocol SAMLP -SigningCertificate $cert

  8. Run the following command to verify the federation settings of your Office 365 domain:

    Get-MsolDomainFederationSettings -domain samplecompany.com

    In this example, Get-MsolDomainFederationSettings -domain realticsol.cf
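
The checks below are an added example, not part of the vendor procedure: they validate the step 6 values before step 7 is run, then diff the tenant's federation settings against those values after the change. The function names Test-FederationInput and Compare-FederationSettings are hypothetical, and the same-host check assumes, as in this page's example, that all three endpoints are on the Advanced Authentication server.

```powershell
# Added example, not vendor code. Assumes $dom, $uri, $url, $logoutUrl and $cert are
# set as in step 6 and that Connect-MsolService has succeeded in this session.
function Test-FederationInput {   # hypothetical helper name
    param([string[]]$Urls, [string]$CertBase64)
    $problems = @(); $hostNames = @()
    foreach ($u in $Urls) {
        $parsed = $null
        $ok = [Uri]::TryCreate($u, [UriKind]::Absolute, [ref]$parsed)
        if (-not $ok -or $parsed.Scheme -ne 'https') { $problems += "Not an absolute https URL: $u" }
        else { $hostNames += $parsed.Host }
    }
    if (@($hostNames | Sort-Object -Unique).Count -gt 1) {
        $problems += "Endpoints are on different hosts: $($hostNames -join ', ')"
    }
    try {
        $der  = [Convert]::FromBase64String(($CertBase64 -replace '\s', ''))
        $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
        $now  = Get-Date
        if ($now -lt $x509.NotBefore -or $now -gt $x509.NotAfter) {
            $problems += "Certificate is outside its validity period (ends $($x509.NotAfter))"
        }
        # Compare this thumbprint with the certificate shown in Server options.
        Write-Host "Signing certificate $($x509.Subject), thumbprint $($x509.Thumbprint)"
    } catch {
        $problems += "SigningCertificate is not a base64 X.509 certificate: $($_.Exception.Message)"
    }
    $problems
}

function Compare-FederationSettings {   # hypothetical helper name
    param($Actual, [hashtable]$Expected)
    foreach ($name in $Expected.Keys) {
        $have = "$($Actual.$name)" -replace '\s', ''
        $want = "$($Expected[$name])" -replace '\s', ''
        if ($have -ne $want) { "MISMATCH ${name}: expected '$want', tenant has '$have'" }
    }
}

# Before step 7: stop if any of the step 6 values is malformed.
$problems = Test-FederationInput -Urls $uri, $url, $logoutUrl -CertBase64 $cert
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }

# After step 7: read the settings back and diff them against what was intended.
$actual = Get-MsolDomainFederationSettings -DomainName $dom
Compare-FederationSettings -Actual $actual -Expected @{
    IssuerUri = $uri; PassiveLogOnUri = $url; LogOffUri = $logoutUrl
    PreferredAuthenticationProtocol = 'SAMLP'; SigningCertificate = $cert
    NextSigningCertificate = ''   # step 7 sets no secondary certificate
}
```

No output from the second call means the tenant's federation settings match the intended values.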