This article explains how to correctly set up the Access Control Single Sign-on environment between your HENNGE One domain environment and your Microsoft 365 domain. Before beginning the setup, ensure that your machine meets the setup's prerequisites.
For the values to set, please see the Connection Settings document that we have provided.
Prerequisites of setting up Access Control Single Sign-on
(i) HENNGE One Directory Sync is installed and functioning properly. (Microsoft 365 with Windows Active Directory)
If HENNGE One Directory Sync is not installed on your machine, or it is not working properly and you want to try installing it again,
please refer to this article: HENNGE Access Control : HENNGE One Directory Sync (Microsoft 365 with Windows Active Directory)
(ii) A Windows machine that is installed with:
Please refer to this article: How to use PowerShell on Windows?
After confirming that your Windows machine has the requirements above installed, you may proceed to the actual setup.
(1) Connecting to Microsoft 365
1.1) Creating an Administrative Account on Microsoft 365 (Optional)
One administrative account on Microsoft 365 is required for the setup. If you choose to use an existing administrative account on Microsoft 365 (firstname.lastname@example.org), you may use it for the setup and skip to 1.2).
Otherwise, you may want to create a new administrative account with the "Global Administrator" admin role on Microsoft 365 specifically for this setup. Please note that this administrative account does not need any license, because the "Global Administrator" admin role alone is sufficient. You may also delete the account that you created specifically for this setup once the entire setup is complete, if you choose to.
To create a new administrative account on Microsoft 365, use your existing administrative account to log into the Microsoft 365 admin center, go to the USERS -> Active Users interface and click on the Plus button.
After clicking on the Plus button, an interface to create a new account will pop up. Please input the user account details accordingly and create the new user account. For the password, it is recommended to have a specific password since this account is created for the purpose of this setup only. Please note that the User name (email@example.com) and the password will be used as login details for the Microsoft Online Services Sign In via PowerShell.
Select the new account as shown below and click on the "EDIT USER ROLES" button on the right panel.
Please be sure to select "Global administrator" to grant the account administrative access. Input an alternate email address to complete the process.
Once the newly created account has been granted the "Global administrator" admin role, you are ready to use it to log into the Microsoft Online Services Sign In via PowerShell.
1.2) Log in with your Administrator Account
First, run the Windows Azure Active Directory Module for Windows PowerShell that you have installed.
1.2.1) Run the command below:
1.2.2) After entering the command, a login dialog will pop up for you to input the login User name (firstname.lastname@example.org) and password of the administrator account that you choose to use.
1.3) Getting your Domain Information
After you have successfully logged in, check the status of your domain environment with the command below:
After executing the command, you will be able to see the information of two domain names:
- Your Access Control Domain
- Your Microsoft 365 Domain
If both domains show "Verified" in the "Status" column and "Managed" in the "Authentication" column, you are ready for the next step, which is Configuring Single Sign-on Settings.
1.4) Changing the Default Domain
Please change your default domain from yourdomain.com to yourdomain.onmicrosoft.com by executing the command below:
Set-MsolDomain -name yourdomain.onmicrosoft.com -IsDefault
(2) Configuring Single Sign-on Settings
Step 1 - Inputting Setting Commands
Please refer to the HENNGE One Connection Setting document (spreadsheet format) that we have provided. In the "Microsoft 365 Setup" sheet, copy line 13 to line 20 as shown below:
After copying the command lines, paste them all into PowerShell at once.
After pasting into PowerShell, be sure to press Enter once more to ensure that all of the commands are executed.
Step 2 - Confirming your Domain Information
Finally, to confirm that the setup was carried out successfully, execute the command "Get-MsolDomain" and make sure that the "Authentication" column for "yourdomain.com" is "Federated".
If so, the Single Sign-on setup for your domain environment is complete, and the users in your cloud environment can log in to all of the services using one single account.
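The checks from sections 1.3 and 1.4 and from Step 2 can be scripted so that a wrong state is caught before or after the federation commands are pasted. The following is an added example, not part of the HENNGE documentation: the function name Test-SsoDomainState is hypothetical, the sample rows are constructed, and it assumes the Name, Status, Authentication and IsDefault properties that Get-MsolDomain returns.

```powershell
# Added example. Test-SsoDomainState is a hypothetical helper, not a HENNGE or Microsoft cmdlet.
function Test-SsoDomainState {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Domains,      # output of Get-MsolDomain
        [Parameter(Mandatory = $true)] [string] $SsoDomain,      # e.g. yourdomain.com
        [Parameter(Mandatory = $true)] [string] $DefaultDomain,  # e.g. yourdomain.onmicrosoft.com
        [ValidateSet('BeforeSetup', 'AfterSetup')] [string] $Phase = 'BeforeSetup'
    )
    $problems = @()
    foreach ($name in @($SsoDomain, $DefaultDomain)) {
        $d = $Domains | Where-Object { $_.Name -eq $name }
        if (-not $d) { $problems += "$name is not listed in the tenant"; continue }
        # Section 1.3: every domain must be Verified.
        if ("$($d.Status)" -ne 'Verified') {
            $problems += "$name has Status '$($d.Status)', expected 'Verified'"
        }
        # Section 1.3 expects Managed; Step 2 expects Federated for the SSO domain only.
        $expectedAuth = 'Managed'
        if ($Phase -eq 'AfterSetup' -and $name -eq $SsoDomain) { $expectedAuth = 'Federated' }
        if ("$($d.Authentication)" -ne $expectedAuth) {
            $problems += "$name has Authentication '$($d.Authentication)', expected '$expectedAuth'"
        }
    }
    # Section 1.4: the default domain must be the onmicrosoft.com one.
    $default = $Domains | Where-Object { $_.IsDefault }
    if (-not $default -or $default.Name -ne $DefaultDomain) {
        $problems += "Default domain is '$($default.Name)', expected '$DefaultDomain'"
    }
    [pscustomobject]@{ Phase = $Phase; Ready = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample rows shaped like Get-MsolDomain output, taken before section 1.4 was run.
$sample = @(
    [pscustomobject]@{ Name = 'yourdomain.com'; Status = 'Verified'; Authentication = 'Managed'; IsDefault = $true },
    [pscustomobject]@{ Name = 'yourdomain.onmicrosoft.com'; Status = 'Verified'; Authentication = 'Managed'; IsDefault = $false }
)
$result = Test-SsoDomainState -Domains $sample -SsoDomain 'yourdomain.com' `
    -DefaultDomain 'yourdomain.onmicrosoft.com'
$result | Format-List

# In a live session, pass the real listing instead of the sample:
#   Test-SsoDomainState -Domains (Get-MsolDomain) -SsoDomain 'yourdomain.com' `
#       -DefaultDomain 'yourdomain.onmicrosoft.com' -Phase AfterSetup
```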
(Optional) Disabling Single Sign-on
To disable Single Sign-on for your domain environment, execute the command below (replace "yourdomain.com" with your domain address):
Set-MsolDomainAuthentication -Authentication Managed -DomainName yourdomain.com
This command changes the "Authentication" of your domain from "Federated" to "Managed", which disables Single Sign-on.