Configuring Office 365 as a SAML SSO Service Provider

Note: To configure SSO for Office 365 in JumpCloud, see Single Sign On (SSO) with Office 365


Additional Information Regarding Configuring the Service Provider (Office 365)

You can only configure Microsoft Office 365 as an SSO Service Provider using commands in the MSOnline for Azure Active Directory module. This module can only be installed on Windows machines.

Commands to Run in the MSOnline Module


Run the Set-MsolDomainAuthentication command in the MSOnline module to:
  • Set the Office 365 tenant's authentication type to Federated
  • Enable SSO-based login for all users logging in with an email that matches the federated domain.
Run the Get-MsolDomain command to see the current authentication type for all of your Office 365 domains. This command shows all registered domains and their authentication type. An authentication type of Managed represents the default password-based authentication. An authentication type of Federated represents SAML SSO authentication.
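
A baseline check built on the Get-MsolDomain output described above, as an added example that is not JumpCloud's or Microsoft's code. The function name, the baseline hashtable and the sample domains are assumptions constructed for illustration; the function reads only the Name and Authentication properties of each domain object.

```powershell
function Test-DomainAuthBaseline {
    [CmdletBinding()]
    param(
        # Objects with Name and Authentication properties, as Get-MsolDomain returns.
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Domain,
        # Hypothetical baseline: domain name -> 'Managed' or 'Federated'.
        [Parameter(Mandatory)]
        [hashtable]$Expected
    )
    process {
        $name   = [string]$Domain.Name
        $actual = [string]$Domain.Authentication   # enum on live objects, so cast
        $want   = $null
        $fix    = $null
        if (-not $Expected.ContainsKey($name)) {
            $status = 'NotInBaseline'               # unrecorded domain: review it
        }
        else {
            $want = [string]$Expected[$name]
            if ($actual -eq $want) { $status = 'OK' }
            else {
                $status = 'Drift'
                if ($want -eq 'Managed') {
                    # Manual fallback command given in this article's notes.
                    $fix = "Set-MsolDomainAuthentication -DomainName $name -Authentication Managed"
                }
            }
        }
        [pscustomobject]@{
            Domain = $name; Expected = $want; Actual = $actual
            Status = $status; SuggestedFix = $fix
        }
    }
}

# Constructed sample input shaped like Get-MsolDomain output (not real tenant data).
$sample = @(
    [pscustomobject]@{ Name = 'example.com';             Authentication = 'Federated' }
    [pscustomobject]@{ Name = 'example.onmicrosoft.com'; Authentication = 'Managed' }
    [pscustomobject]@{ Name = 'legacy.example.com';      Authentication = 'Federated' }
    [pscustomobject]@{ Name = 'new.example.com';         Authentication = 'Managed' }
)
$baseline = @{
    'example.com'             = 'Federated'
    'example.onmicrosoft.com' = 'Managed'
    'legacy.example.com'      = 'Managed'
}
$sample | Test-DomainAuthBaseline -Expected $baseline | Format-Table -AutoSize
# Against a live tenant: Get-MsolDomain | Test-DomainAuthBaseline -Expected $baseline
```

Because changes can take several minutes to appear in Office 365, a Drift result seen immediately after running an enable or disable command should be re-checked before acting on it.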

Learn how to Authorize Users to an SSO Application
 

JumpCloud.Office365.SSO Commands


To assist JumpCloud admins with populating the other mandatory parameters for the command Set-MsolDomainAuthentication, JumpCloud has created the JumpCloud.Office365.SSO PowerShell module. You can download this module from the PowerShell gallery.

The module uses an XML metadata file for the SSO Office 365 application inside the JumpCloud admin portal to populate the fields required to enable, disable, and show the current status of Office 365 SSO.


The JumpCloud.Office365.SSO PowerShell module has the following commands:  

Show-JumpCloud.Office365.SSO

The Show-JumpCloud.Office365.SSO command shows the current authentication settings for the Office 365 domain. This command is a wrapper for the Get-MsolDomainFederationSettings command.  

To use this command:
  1. Run the PowerShell console as an admin.
  2. Navigate to the directory where the JumpCloud Office 365 metadata XML file is located.
  3. Run the command: 

    Show-JumpCloud.Office365.SSO -XMLFilePath .\JumpCloud-office365-metadata.xml

    Where the parameter -XMLFilePath corresponds to the path of the JumpCloud Office 365 metadata file.

Command Execution Order
  1. This command first checks and ensures that MSOnline module is installed. If this module isn't installed, it installs it from the PowerShell gallery.
  2. After installing the MSOnline module, the command prompts users to log in with their Office 365 administrator account to connect to the Office 365 tenant, unless a valid credential is detected.
  3. Finally, the command runs the Get-MsolDomainFederationSettings command with the domain value populated in the JumpCloud Office 365 XML metadata file, and returns the current Federation Settings for this domain.

Notes:
  • It may take several minutes for changes to take effect in Office 365.
  • Run Get-MsolDomain to inspect the current settings for your domain.
  • If you have issues with the module, you can manually disable SSO by running this command: 

    Set-MsolDomainAuthentication -DomainName $domain -Authentication Managed
 

Disable-JumpCloud.Office365.SSO

The Disable-JumpCloud.Office365.SSO command sets an Office365 domain for Managed (password-based) authentication, and requires the JumpCloud Office 365 XML metadata file to fill values for the required fields of the Set-MsolDomainAuthentication command.

To use this command:

  1. Run the PowerShell console as an administrator.
  2. Navigate to the directory where the JumpCloud Office 365 metadata XML file is located.
  3. Run the command:

    Disable-JumpCloud.Office365.SSO -XMLFilePath .\JumpCloud-office365-metadata.xml

Command Execution Order
  1. This command first checks and ensures the MSOnline module is installed. If this module isn't installed, it installs it from the PowerShell gallery.
  2. After installing the MSOnline module, it prompts users to log in with their Office 365 administrator account to connect to the Office 365 tenant, unless a valid credential is detected.
  3. Finally, the command runs the Set-MsolDomainAuthentication command with the required parameters for Federated authentication filled from the JumpCloud Office 365 XML metadata file.

It can take up to 20 minutes for the Office 365 sign in process to update to Managed across all Microsoft tenants and to be reflected in the JumpCloud user console.

 
 

Last Updated: Aug 20, 2019 09:56AM MDT
