Microsoft Office 365

The purpose of this document is to provide instructions on how to configure and manage Office 365 to enable SAML integration.

  1. Adding a domain to Office 365
  2. Adding the SaaS application to Seqrite ZTNA
  3. Configuring domain federation for Office 365 using a script
  4. Configuring domain federation for Office 365 manually
  5. Removing federation settings by executing the PowerShell command
  6. Accessing Office 365

1. Adding a domain to Office 365

To add a domain to Office 365, refer to the following Microsoft document:
Add a domain to Microsoft 365

2. Adding the SaaS application to Seqrite ZTNA

To add the SaaS application, follow these steps:

  1. Log into the Seqrite ZTNA admin console.
  2. Navigate to the Applications section.
  3. Click the SaaS Applications tab.
  4. To add the Office 365 application, click Browse SaaS Application Catalog.
  5. Click Add + on the Microsoft Office 365 application card.
  6. Enter the Application Name. Optionally, provide an Application Description and Logo.
  7. Select the following checkboxes as appropriate to control access from managed laptops, desktops, or mobile devices.
    • Allow access from registered Seqrite ZTNA-compliant devices:
      Only users with registered Seqrite ZTNA-compliant devices (on which the Seqrite ZTNA agent is installed and active), including both desktops and laptops, can access the applications.
    • Allow access from Seqrite Workspace:
      Mobile users can access applications only through the Workspace. To know more about accessing SaaS applications through Seqrite Workspace, see the Seqrite EMM Documentation.
  8. Click Add to add the application.

  Note

    • When Azure AD is selected as the identity provider, Office 365 cannot be used as a SaaS application.
    • If you use a custom SSL certificate, add a CNAME record for the Site DNS and shpsso.yourdomain.com in your domain's DNS records.

3. Configuring domain federation for Office 365 using a script

To configure domain federation for Office 365 using a script, follow these steps:

  1. Download the configuration script from the pop-up menu of the Office 365 application.

    Important
    Ensure that the domain you intend to federate is not set as the default domain before executing the script.

    Navigate to the Office 365 Admin Center and access the domain section. Set the default domain to a Microsoft domain (for example, domain.onmicrosoft.com).

    Download Script

  2. Execute the downloaded script in Windows PowerShell with Administrator privileges.
    1. To configure domain federation for Office 365, select option 1.
      1. Enter the domain name you want to federate; the script then configures domain federation for Office 365.
      2. PowerShell prompts you to log into your Office 365 account. Use your onmicrosoft.com admin email to log in.
        O365 Login
    2. To add new users under the federated domain in Office 365, select option 2.
      1. Add a single user using PowerShell, or upload a CSV file to add multiple users at once.
        Adding Multiple Users
    3. To update existing users to work with a federated domain, select option 3.

    Note

    • If you run into any problems, you can run the following command to change the PowerShell execution policy so that scripts run without any restrictions (see the Set-ExecutionPolicy documentation):
      Set-ExecutionPolicy -ExecutionPolicy Unrestricted
    • The script must be run for the changes of any of the three options (configuring Office 365, creating new users, or updating existing users) to be applied.

4. Configuring domain federation for Office 365 manually

To configure domain federation for Office 365 manually, follow these steps:

  1. After adding the application, click the Manage option from the pop-up menu to check the SAML settings.
    Manage Option
  2. Install the MSOnline module by running the following command in Windows PowerShell (Run as administrator):
    Install-Module MSOnline
  3. Connect to the Office 365 account using the following command. Log in using an Office 365 administrator account. This admin account must be in a different domain than the one that will be federated, such as the Microsoft default domain (for example, domain.onmicrosoft.com).
    Connect-MsolService
  4. Run the following commands in PowerShell:

    Note
    By selecting the Manage option from the pop-up menu, you can access the values for $domain, $LogOnUrl, $LogOffUrl, $SigningCert, and $uri (Issuer URL).

  5. Execute the following command to set up the above-mentioned parameters. Ensure that the command runs without any errors.

    Set-MsolDomainAuthentication -DomainName $domain -FederationBrandName $BrandName -Authentication Federated -PassiveLogOnUri $LogOnUrl -SigningCertificate $SigningCert -IssuerUri $uri -LogOffUri $LogOffUrl -PreferredAuthenticationProtocol $Protocol

  6. To confirm the successful configuration of the domain, execute the following command:
    Get-MsolDomainFederationSettings -DomainName example.com | fl *

  7. The output should look like this:
    Output
  8. To add new users to the federated domain, execute the following command:
    New-MsolUser -UserPrincipalName martin@yourdomain.com -ImmutableId martin@yourdomain.com -DisplayName "Martin Powell" -FirstName Martin -LastName Powell
  9. To update existing users to work with the federated domain, execute the following command:
    Set-MsolUser -UserPrincipalName martin@yourdomain.com -ImmutableId martin@yourdomain.com
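As an added example (not Seqrite's script and not the page's own commands), the manual steps above and the removal command in section 5 can be wrapped in two PowerShell functions that run the checks the notes call for (domain verified, not the tenant default) and read the federation settings back before declaring success. It assumes the MSOnline module is installed and Connect-MsolService has already been run with an admin account outside the domain being federated; the function names, parameter names, file path and all URL values are placeholders to be replaced with the values shown under Manage.

```powershell
# Added example, not Seqrite's script: federate a domain with the MSOnline module,
# running the checks the notes above call for, then read the settings back.
# Assumes Install-Module MSOnline and Connect-MsolService (with an admin account in
# another domain, e.g. contoso.onmicrosoft.com) were already run. All values are placeholders.
function Set-ZtnaFederation {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $LogOnUrl,
        [Parameter(Mandatory)] [string] $LogOffUrl,
        [Parameter(Mandatory)] [string] $IssuerUri,
        [Parameter(Mandatory)] [string] $SigningCertPath,   # PEM file of the IdP signing cert
        [string] $BrandName = 'Seqrite ZTNA',
        [ValidateSet('Samlp', 'WsFed')] [string] $Protocol = 'Samlp'
    )
    # 1. The domain must be verified and must not be the tenant default (Important note).
    $d = Get-MsolDomain -DomainName $Domain -ErrorAction Stop
    if ($d.Status -ne 'Verified') { throw "$Domain is not verified in this tenant" }
    if ($d.IsDefault) { throw "$Domain is the default domain; change the default first" }
    if ($d.Authentication -eq 'Federated') { Write-Warning "$Domain is already federated; overwriting" }

    # 2. -SigningCertificate takes the bare Base64 body, without PEM armour or whitespace.
    $cert = (Get-Content -Path $SigningCertPath -Raw) -replace '-----(BEGIN|END) CERTIFICATE-----', '' -replace '\s', ''
    if ($cert.Length -lt 100) { throw "Signing certificate file looks empty or malformed" }

    # 3. Apply the federation settings (the same cmdlet as step 5 above).
    Set-MsolDomainAuthentication -DomainName $Domain -FederationBrandName $BrandName `
        -Authentication Federated -PassiveLogOnUri $LogOnUrl -LogOffUri $LogOffUrl `
        -IssuerUri $IssuerUri -SigningCertificate $cert `
        -PreferredAuthenticationProtocol $Protocol -ErrorAction Stop

    # 4. Read the settings back (step 6) and fail if they differ from what was requested.
    $fs = Get-MsolDomainFederationSettings -DomainName $Domain
    foreach ($p in @(@('IssuerUri', $IssuerUri), @('PassiveLogOnUri', $LogOnUrl), @('LogOffUri', $LogOffUrl))) {
        if ($fs.($p[0]) -ne $p[1]) { throw "Verification failed: $($p[0]) is '$($fs.($p[0]))'" }
    }
    Write-Host "Federation for $Domain verified (issuer $($fs.IssuerUri))"
}

# Roll back to cloud-managed authentication (section 5) if federated sign-in breaks.
function Remove-ZtnaFederation {
    param([Parameter(Mandatory)] [string] $Domain)
    Set-MsolDomainAuthentication -DomainName $Domain -Authentication Managed -ErrorAction Stop
    (Get-MsolDomain -DomainName $Domain).Authentication   # should now read 'Managed'
}

# Example call with placeholder values (the .invalid TLD is reserved and never resolves).
Set-ZtnaFederation -Domain 'yourdomain.com' `
    -LogOnUrl 'https://sso.example.invalid/login' -LogOffUrl 'https://sso.example.invalid/logout' `
    -IssuerUri 'https://sso.example.invalid/metadata' -SigningCertPath '.\ztna-signing.crt'
```

If script execution is blocked, Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned lifts the restriction only for the current PowerShell session rather than machine-wide.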

5. Removing federation settings by executing the PowerShell command

To remove federation settings, run the following PowerShell command.

Set-MsolDomainAuthentication -DomainName $dom -Authentication Managed

6. Accessing Office 365

Office 365 can be accessed in two ways:

  1. Outside the user portal
  2. From the user portal

Accessing Office 365 Outside the User Portal

To access Office 365 outside the user portal, follow these steps:

  1. On www.office.com, click Sign In.
  2. Enter your user ID and click Next.
  3. The ZTNA single sign-on page is displayed.

  4. Click OPEN USER PORTAL.

    The ZTNA Access Account page is displayed.

    Note: The login options shown to users depend on the admin configuration in the Zero Trust Admin Console under the Sites page.

    • If both Seqrite IDP and AD IDP are configured, users see two login options and can choose how to proceed.
    • If only one IDP (either Seqrite or AD) is configured, the login page automatically redirects to the username and password screen without showing any options.

  5. Click Domain Credentials, enter your username and password, and click Sign In.

  6. Once the user portal is authenticated, click the Sign in to your account tab and click Yes.
  7. The Office 365 dashboard is displayed.

  8. Click Apps to access Office 365 apps.

In this way you can access Office 365 outside the user portal.

Accessing Office 365 from the User Portal

To access Office 365 from the user portal, follow these steps:

  1. Log in to the Zero Trust portal and click Domain Credentials.

  2. Enter your credentials and click Sign In.

    The user portal dashboard is displayed.

  3. Click the Office 365 application (Unee_O365 in this example).
    The Office 365 page is displayed.
  4. On www.office.com, click Sign In.
  5. Enter your user ID and click Next.
  6. The ZTNA single sign-on page is displayed.

  7. Click OPEN USER PORTAL.

    A new tab with the user portal dashboard opens.
    Note: You can close this tab, as the user portal dashboard is already open.

  8. Click the Sign in to your account tab and click Yes.

    The Office 365 dashboard is displayed.

  9. Click Apps to access Office 365 apps.

In this way you can access Office 365 from the user portal.
