Target
- Customers who are deploying HENNGE Access Control
- Customers who use Microsoft 365 as their groupware
Purpose
- Explains how to federate Microsoft 365 and HENNGE Access Control to perform access control.
※ If you want to integrate with other cloud services, perform Single Sign-on integration.
Notes
- Check the items that apply to the services you use and how you use them.
- The content of this article is based on the product as of January 2025 and may be subject to change without notice thereafter.
Table of Contents
1. Change the default domain setting of Microsoft 365 (external link)
2. Disable the "Stay connected to your Outlook" feature on Outlook on the Web
3. Check the status of Exchange Online Modern Authentication activation
4. Collect HENNGE Device Certificate device information
5. Consider HENNGE Access Control operational policies
6. Configure HENNGE Access Control operational policies
User synchronization from Active Directory to Microsoft 365 and HENNGE Access Control
1. Organize users in Active Directory
2. Configure Microsoft Entra Connect and start user synchronization
3. Install HDEPasswordFilter.dll on all Domain Controllers (WS 2016 and later)
4. Install HENNGE Directory Sync Tool
5. Create an API client for running HENNGE Directory Sync Tool
6. Initial placement of HENNGE Directory Sync Tool configuration file (config.ini)
7. Run Assign-HDEOnePasswordSyncGroup.bat
8. Set passwords for synchronized users
9. Confirm password settings for synchronized users
10. Run HENNGE Directory Sync Tool
User synchronization between HENNGE Access Control and Microsoft 365
1. Change the object UPN to the onmicrosoft.com domain
2. Bulk registration/update/deletion of users
3. Admin Consent for user synchronization
4. Synchronize users from Microsoft 365 to HENNGE Access Control
5. Change passwords for users synchronized from Microsoft 365 to HENNGE Access Control
6. User synchronization from HENNGE Access Control to Microsoft 365
Allowing unread notifications for HENNGE Secure Browser at the tenant level
1. Setting unread notification for HENNGE Secure Browser
Settings required on the end user side to use HENNGE Access Control access control
1. Install HENNGE Secure Browser
2. Terminal authentication for HENNGE Secure Browser
3. Setting to receive OTP (One-Time Password) in the application
4. Setting to receive OTP (One-Time Password) by email
5. Issuance of HENNGE Device Certificate
6. Installation of HENNGE Device Certificate
7. Confirmation of HENNGE Device Certificate installation status
8. Installation of application to read HENNGE Device Certificate
Setting HENNGE Access Control access control policy
1. Assigning access policy groups to users
2. Testing the operation of access policy group policies for users
3. Assigning browser policy groups to users
Settings for using the HENNGE One portal site
1. Adding a Microsoft 365 link to the HENNGE One portal site
Connection between HENNGE Access Control and Microsoft 365
1. Federation connection work between Microsoft 365 and HENNGE Access Control
2. Federation confirmation between HENNGE Access Control and Microsoft 365
3. Disconnection of Microsoft Entra ID Modern Authentication
4. Connection work with services performing Single Sign-on (SSO)
Procedure
Preparation
1. Change the default domain setting of Microsoft 365
Set the default domain of the Microsoft 365 tenant to .onmicrosoft.com (the initial domain of the Microsoft 365 tenant).
For details, please check with Microsoft or your Microsoft 365 reseller.
2. Disable the "Stay connected to your Outlook" feature on Outlook on the Web
3. Check the status of Exchange Online Modern Authentication
4. Collecting HENNGE Device Certificate Device Information
* Follow this section if you are using HENNGE Device Certificate.
When issuing HENNGE Device Certificate, information about the target device is required.
Please select the target device and collect the information in advance.
5. Consideration of HENNGE Access Control Operational Policy
Consider the operational policy of HENNGE Access Control (rules for access control, items displayed on the login screen, etc.).
6. Configuration of HENNGE Access Control Operational Policy
Reflect the considered operational policy of HENNGE Access Control in the actual product settings.
- Login screen settings
- Password-related settings
- Secure Browsers (HENNGE Secure Browser) related settings
- Device certificate settings
- Other settings
User Synchronization from Active Directory to Microsoft 365 and HENNGE Access Control
Follow this section if you synchronize users from Active Directory to HENNGE Access Control.
1. Organizing users in Active Directory
2. Configuration of Microsoft Entra Connect and Start of User Synchronization
For details, please check with Microsoft or your Microsoft 365 reseller.
3. Installation of HDEPasswordFilter.dll on all Domain Controllers (WS 2016 and later)
4. Installation of HENNGE Directory Sync Tool
5. Creating an API client for running HENNGE Directory Sync Tool
6. Initial placement of HENNGE Directory Sync Tool configuration file (config.ini)
7. Running Assign-HDEOnePasswordSyncGroup.bat
8. Setting passwords for synchronized users
Change the password once for every user who is to be synchronized.
9. Confirmation of password settings for synchronized users
10. Running HENNGE Directory Sync Tool
User Synchronization between HENNGE Access Control and Microsoft 365
Follow this section if you synchronize users from HENNGE Access Control to Microsoft 365.
1. Change the UPN of objects other than users in Microsoft 365 to the onmicrosoft.com domain
2. Bulk registration / update / deletion of users
3. Admin Consent for User synchronization
4. Synchronization of Users from Microsoft 365 to HENNGE Access Control
* This section is for customers who have been using Microsoft 365 before introducing HENNGE One.
* This section is handled by HENNGE. Please inform your implementation guide of your request.
5. Changing Passwords for Users synchronized from Microsoft 365 to HENNGE Access Control
* This section is for customers who have completed "4. Synchronization of Users from Microsoft 365 to HENNGE Access Control".
Bulk registration / renewal / deletion of Users
6. User synchronization between HENNGE Access Control and Microsoft 365
* This section is handled by HENNGE. Please inform your implementation guide of your request.
Enabling Unread Notification for HENNGE Secure Browser at Tenant level
1. Setting Unread Notification for HENNGE Secure Browser
* This section is for customers using HENNGE Secure Browser.
Settings required on the end User side to use HENNGE Access Control access control
1. Installing HENNGE Secure Browser
* This section is for customers using HENNGE Secure Browser.
2. Terminal Authentication for HENNGE Secure Browser
* This section is for customers using HENNGE Secure Browser.
3. Setting to receive OTP (One-Time Password) in the application
* This section is for customers using OTP.
4. Setting to receive OTP (One-Time Password) via email
* This section is for customers using OTP.
5. Issuing HENNGE Device Certificate
* This section is for customers using HENNGE Device Certificate.
6. Installing HENNGE Device Certificate
* This section is for customers using HENNGE Device Certificate.
7. Checking the installation status of HENNGE Device Certificate
* This section is for customers using HENNGE Device Certificate.
8. Installing an application to load HENNGE Device Certificate
* This section is for customers using HENNGE Device Certificate.
Installing Microsoft Authenticator
Setting Access Control Policies for HENNGE Access Control
1. Assigning Access Policy Groups to Users
2. Testing the operation of Access Policy Group Policies
3. Assigning Browser Policy Groups to Users
* This section is for customers using HENNGE Secure Browser.
Settings for Using the HENNGE One Portal Site
1. How to Add a Microsoft 365 Link to the Access Control User Portal
* This section is for customers using the HENNGE One Portal Site.
Connecting HENNGE Access Control with Microsoft 365
1. Setting Up Federation Connection between HENNGE Access Control and Microsoft 365
2. Verifying Federation between HENNGE Access Control and Microsoft 365
3. Disconnecting Microsoft Entra ID Modern Authentication
4. Connecting with Services for Single Sign-On (SSO)
If you have services other than Microsoft 365 that require SSO, you can download the procedures with connection records from this section.