HENNGE Access Control : Single Sign-on Setup (Microsoft 365)

Target

To the customer who is going to have Microsoft365 authentication controlled by the HENNGE Access Control via federation.

Purpose

This procedure aims to change the Microsoft 365 login to HENNGE. Access Control.

Caution

1. The Microsoft 365 login screen will be changed to HENNGE Access Control when the steps in this article are performed.

2. To activate federation for multiple domains, executing the command for all domains is required.

3. This procedure required the Microsoft 365 admin account(username&password).

Detailed Procedures

1. Connect to Microsoft 365 via the PowerShell

Please refer to the following article to make sure that the PowerShell application is able to connect to Microsoft 365.

How to use PowerShell on Windows?

2. Confirm the default setting on the Microsoft 365

2.1. Access the Microsoft 365 admin console, click 「Setting」 -> 「Domains」

Screenshot_2023-05-19_at_14.10.59.png

2.2.Please confirm if the Microsoft 365 initial domain 「xxx.onmicrosoft.com」is set as the default domain in the tenant.

If the Microsoft 365 initial domain is not set as the default domain, please kindly refer to the article and change it to 「xxx.onmicrosoft.com」

Screenshot_2023-05-19_at_14.18.05.png

Federation Procedure

1.2) Log in with your Administrator Account

First, run the Windows Azure Active Directory Module for Windows PowerShell that you have installed. 

1.2.1) Run the command below:

Connect-MsolService

1.2.2) After entering the command, a login dialog will pop up for you to input the login User name (xxx@yourdomain.onmicrosoft.com) and password of the administrator account that you choose to use.

Screen_Shot_2015-10-13_at_3.40.11_PM.png

1.3) Getting your Domain Information

After you have successfully logged in, to check the status of your domain environment with the command below:

Get-MsolDomain

Screen_Shot_2015-10-13_at_5.11.41_PM__1_.png

After executing the command, you will be able to see the information of two domain names:

  1. Your Access Control Domain
  2. Your Microsoft 365 Domain 

If both of the domains have "Verified" for "Status" column and "Managed" for "Authentication" column, it means that you are ready for the next step which is Configuring Single Sign-on Settings

1.4) Changing the Default Domain

Please change your default domain from yourdomain.com to yourdomain.onmicrosoft.com by executing the command below:

Set-MsolDomain -name yourdomain.onmicrosoft.com -IsDefault

(2) Configuring Single Sign-on Settings

Step 1 - Inputting Setting Commands

Please refer to the HENNGE One Connection Setting document (Spreadsheet format) that we have provided, in the "Microsoft 365 Setup" Sheet, please copy the line 13 to line 20 as shown as below:

Screen_Shot_2016-09-05_at_12.19.23_PM.png

After successfully copied the lines of command, paste them altogether on Powershell at once.

Screen_Shot_2015-10-14_at_11.54.55_AM.png

After pasting onto Powershell, be sure to press Enter once more to ensure the commands are all executed.

 

Step 2 - Confirming your Domain Information

Finally, to ensure that the setup is successfully being carried out, execute the command "Get-MsolDomain" to make sure that the "Authentication" column for "yourdomain.com" is "Federated". 

Screen_Shot_2015-10-14_at_1.49.44_PM.png

If so, it means that the Single Sign-on Setup for your domain environment is completed and the users in your cloud environment could log in to all of the services using one single account.

(Optional) Disabling Single Sign-on 

To disable the Single Sign-on for your domain environment, simply execute the command below (Replace "yourdomain.com" to Your domain address) :

Set-MsolDomainAuthentication -Authentication Managed -DomainName yourdomain.com

This command will change the "Authentication" of your domain from "Federated" to "Managed". Hence, disabling the Single Sign-on.

          
Was this article helpful?