Skip to main content
日本語 简体中文 繁體中文

[Access Control] Federation Connection Process with Microsoft 365

Target

  • Customers federating Microsoft 365 authentication with Access Control

Purpose

  • To configure federation between Access Control and Microsoft 365, allowing login to Microsoft 365 from Access Control.

Notes

  1. At the point of executing the procedures in this article, the Microsoft 365 login screen will be changed to Access Control.
    Ensure that all previous setup steps, such as user synchronization and access control settings, are completed in advance.
    [Access Control] Setup Procedure List (Microsoft 365)
  2. Information (username and password) of the global administrator account for the Microsoft 365 tenant is required.

  3. The procedures in this article require a Microsoft 365 Global Administrator account. 
    * We recommend using the Microsoft 365 initial domain (the domain containing .onmicrosoft.com).

  4. The content of this article is based on the product as of October 2025 and may change without notice thereafter.
  5. Federation cannot be enabled for the default domain.
  6. Global administrator privileges for Access Control are required for actual screen verification and configuration changes.
    Please refer to the following article for how to access the Administration.
    How to Access the Access Control Administration

Preparation

Confirm Default Domain

Verify that federation is possible in the Microsoft 365 tenant.

  1. Access the Microsoft 365 Administration and click [View All] in the menu on the left side of the screen.

  2. Click [Settings] - [Domains] in the menu on the left side of the screen.

  3. Confirm that "Default" is displayed for domains not federated with Microsoft 365.
    ※ If the domain targeted for federation is the default domain, please refer to the following article to change the default domain.
    [Access Control] Change the Default Domain of Microsoft 365

Integration with Microsoft

  1. Access [System] - [Edit Connected Service] from the Access Control Administration.

  2. If the following settings do not exist in "Edit Connected Service", proceed to step 3.
    Display Name: Microsoft
    Type: Microsoft

  3. Click [Add New Service] at the top right of the screen.

  4. In the "Add New Service" screen, click [Add New Service].

  5. Select [Use a preset service] - [Microsoft].

  6. Make the necessary settings and click [Save Changes].

  7. Return to the "Edit Connected Service" screen and confirm that the following settings exist to complete the process.
    Display Name: Microsoft
    Type: Microsoft

Procedure

  1. Access Control Administration, go to [System] - [Edit Connected Service].

  2. Select [Microsoft] created in Preparation - Integration with Microsoft.

  3. In the "Edit Connected Service" screen, under "Access Policy Groups allowing this Connected Service," turn on [Allow] for the group that allows access to Microsoft 365, and click [Save Changes].
    ※ If you have a Pro plan, you can control access conditions by Access Policy Group.
    For details, please refer to the article below.
    [Access Control] Creating/Editing Access Policy Groups - "Items (Allowed services)"

  4. Open "Edit Connected Service" again, and click [Federated Domains] - [Manage Domains].

  5. The [Required Permissions] screen will be displayed, check [Consent on behalf of your organization] and select [Accept].
    ※ If the screen does not appear and you proceed to the next screen, it means authentication is already completed, so proceed to the next step.

  6. The "Domain Management" screen will be displayed, click [Federate] for the domain to be federated.

    ※ If you are upgrading a domain that was previously federated using Powershell, click [Upgrade] for the domain marked as [Federated (Legacy)].

    Domain Upgrade.png

  7. A pop-up will appear. Please review the precautions, and if everything looks correct, check the[ I have confirmed that the necessary steps have been completed. ] box and click [ Federate Domain ].
    ※ In the case of an upgrade, it will display [Upgrade Domain].
    ※ By performing this step, login to Microsoft 365 will go through Access Control.
    Ensure that all previous implementation steps, such as user synchronization and access control settings, are completed beforehand.
    [Access Control] Implementation Steps List (Microsoft 365)

  8. Confirm that the "Status" of the target domain is "Federated" and click [Close].