Office365 Integration
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Office365 Integration

  • Dark
    Light
  • PDF

Prerequisites

  1. Office 365 tenant

  2. Download Office365 metadata and store it locally:

    1. Download Office metadata and store it locally on your machine
  3. LDAP or AD BlockID user directory

  4. Microsoft AzureAD module for Windows Powershell

Integration Steps

Adding the ImmutableID Attribute to BlockID

To get started we first need to add a new attribute to BlockID:

  1. Navigate to your** BlockID Administration Panel** and login as a Community Administrator.

  2. Select Settings -> BlockID Attributes

1.png

  1. Click "Add New"

2.png

  1. Under name, type immutableid

  2. Click Create

3.png

  1. Verify the immutableid attribute has appeared under BlockID Attributes

4.png

Add ImmutableID Attribute Mapping

Our next step is to map the the immutableid BlockID Attribute to Active Directory:

  1. Using the left-hand menu, navigate to Directory -> Directory Integrations

5.png

  1. Scroll to your AD or LDAP User Directory and click the edit icon to the right of the directory name

6.png

  1. Click on the Attributes mapping tab

7.png

  1. Select Add new mapping

8.png

  1. Enter a Directory attribute name to map to your Active Directory infrastructure.

    For this example we are using the postalcode Active Directory atttribute.


    Enter the following details:

    Directory attribute: postalcode

    BlockID attribute : immutableid

6. Click Create

9.png

  1. Confirm that the attribute has appeared in the Attributes mapping section.

10.png

Setup Office365 in BlockID

Adding Office365 as a Service Provider

Next we are going to setup Office365 as a service provider in our BlockID Administration Panel

  1. From the left-hand menu, navigate to Applications -> Add Application
  2. Scroll down to SAML 2.0 Generic and select Add Integration

11.png

  1. After reviewing the displayed information, select Add Application

12.png

Step 1: Basic Settings

  1. Basic Settings
    Provide the following details:

    Application Name: Office365 (or any other name of your choosing)

    Instance: Production or Sandbox

    Application access URL: https://login.microsoftonline.com/login.srf

  2. Click Next.

Step 2: SAML Settings

  1. Click Upload and select the Office metadata downloaded during the prerequisites.

13.png

  1. Under Assertion Statement (NameID)* select the following attributes from the drop-down menu:

    Format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

    Value: immutableid

  2. Under Claims Mapping select Add new and enter the following attributes:

    Attribute: email

    Format: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail

  3. Click Create.

  4. Select Next to advance to the next page.

Step 3: Advanced Options

Advanced Options will display several details that will have been populated by the uploaded metadata.

  1. Confirm all the details below:
    Entity ID: urn:federation:MicrosoftOnline

    Assertion Consumer Service:

    Method: POST

    URL: https://login.microsoftonline.com/login.srf

  2. Confirm the following details:​
    Assertion and Authentication request switches are activated.

    Signing Certificate and Encryption Certificate boxes are populated

    Key Size: 128
    Algorithm: http://www.w3.org/2000/09/xmldsig#rsa-sha1

  3. Click Save.

14.png

Setup BlockID in Office365

Ensure that the AzureAD module has been installed for Windows Powershell has been installed before continuing.

Our next step is to configure Office365 to work with our BlockID tenant

  1. Launch Windows Powershell and connect to the Azure AD domain you wish to federate with the following command:
Connect-MsolService

15.png

  1. The Microsoft login page will launch. Enter the Administrator credentials for the domain.

16.png

  1. After successfuly signing-in, enter the following command to check the status of our domain:

    Get-MsolDomain -Domainname <domain name>
    

    Enter your domain in place of <domain name>

17.png

  1. Enter the following information

    This example contains information that you will need to replace with details from your own domain

$domainname = "blockiddemo.com"

Enter your domain name.

$logoffuri = "https://1k-  dev.1kosmos.net/adminapi/community/default/slo"

Enter the landing page to direct your users to after they sign out of your application.

$passivelogonuri = "https://1k-dev.1kosmos.net/adminapi/community/default/sso" 

Enter your identity provider SAML HTTP-POST endpoint

$cert =        "MIICujCCAaICCQCNoHT0ux7ydjANBgkqhkiG9w0BAQsFADAfMQsw  CQYDVQQGEwJQTDEQMA4GA1UECAwHU2xhc2tpZTAeFw0yMTAzMjIxNjU5NTBaFw0yMjAzMjIxNjU5NTBaMB8xCzAJBgNVBAYTAlBMMRAwDgYDVQQIDAdTbGFza2llMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MqdTQX++i9Tec8IYbwCmjwilkQKu6c0ZHzG+IiSYVZTF4B+/eSH40MM/BJZ8yfrixRxi7nhmviSCweueEWR5JbO/XYEGkls0jkLTdmJIv8OWAif1HeYJTN4yct7PHJ6Xh5r6kPlW6aE2jIwAvUF2YT+BfSdNUDNz7C35YUU2JzF4JWLoPp0e287oeNJa2zsyDdGsx8ZOQjNg8ucl+XFvXMSE7BaBBh7OlwaN9rvb2APVWl20axwog3LTK/hwR4gLswwOpveS4IRvkS7ReaIH5TZ9bszLT/KBZ7vNHThsixwF7zmG7EpVcXW+K0NYWdnxMCoUeHFhhM5eCS+3CcvTQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDIgN+DJgouZJEe9ysEqTrAzDcgaWgVaSTrQGa1DNoWov0A3e35Bwensw61SKp20DB4SWF5GK9menIApfz30H6aoOd5mFcNWoYjkrVue+C5B2oEXCIua9TQc7iR7Np21Twb0Ylkxm/ThINdvPxnp4DXLoVF7BfOExEHvXoOOyw2Hmbpe1z57ds2g676cez4YwfTcZB+oYibvZVa+sO3f7KFjjHnBgoJC7ltxXzpreO+UcpSqVEnehhXj+rSRJ2wHcjHtyrcMxK7CkpVHgT9ZIJqd3MpQ3QKA5KxVt9q5QFr/4ZhdHFO8sq11XXwFDFkTB1Jjy5mYjqVHMj/lBQm2HPq"

Server certificate .pem file. Remove all spaces and newlines

$issueruri = "https://1k-dev.1kosmos.net/newui/default/idp3"

Issuer URI set by your Identity Provider

$protocol = "SAMLP"

To ensure domain uses SAML SSO

  1. Next, run the following command to set the configuration for your Azure AD domain:
Set-MsolDomainAuthentication -DomainName $domainname -FederationBrandName Athena-1kdev -Authentication Federated -IssuerUri $issueruri -LogOffUri $logoffuri -PassiveLogOnUri $passivelogonuri -SigningCertificate $cert -PreferredAuthenticationProtocol $protocol

18.png

  1. Run the following commands to retrieve SSL configuration for your Azure AD domain and validate the information is correct:
Get-MsolDomainFederationSettings -DomainName <domain name> | Format-List

19.png

Testing Office365 Integration

Next, we are going to test our Office365 integration to ensure everything is working.

  1. Open a web browser and navigate to https://www.office.com and select Sign-in

20.png

  1. You will be redirected to the Microsoft sign-in page. Enter your user email address and click Next.
    21.png

  2. After a quick loading message, users will will be redirected to the BlockID Login Page.

22.png

  1. Scan the QR code with the BlockID mobile application

23.png

  1. After successful authentication through the mobile application, the user is redirected to the Office365 portal.

    Select Yes when asked if you wish to stay logged in.

24.png

  1. That's it! Your user account will now be fully logged in to the Office365 environment.

25.png


Was this article helpful?