Target
Customers who have introduced HENNGE Access Control in Microsoft 365 are eligible.
Purpose
Federate Microsoft 365 with HENNGE Access Control to perform access control.
Additionally, if there are other cloud services that need to be integrated, perform Single Sign-on integration.
Notes
1. Please check the necessary items according to the service and usage you are using.
2. The content of this article is based on the product as of May 2024 and may be subject to change without notice thereafter.
Table of Contents
1.1. Change default domain settings in Microsoft 365 (external link)
1.2. Disable the "Stay connected to your Outlook" feature on Outlook on the Web
1.3. Check the status of Exchange Online Modern Authentication activation
1.4. Collect HENNGE Device Certificate device information
1.5. Consider HENNGE Access Control operational policies
1.6. Configure HENNGE Access Control operational policies
2. User synchronization from Active Directory to Microsoft 365 and HENNGE Access Control
2.1. Organize users in Active Directory
2.2. Configure Microsoft Entra Connect and start user synchronization
2.3. Install HDEPasswordFilter.dll on all Domain Controllers (WS 2016 and later)
2.4. Install HENNGE Directory Sync Tool
2.5. Create an API client for running the HENNGE Directory Sync Tool
2.6. Initial placement of HENNGE Directory Sync Tool configuration file (config.ini)
2.7. Run Assign-HDEOnePasswordSyncGroup.bat
2.8. Set passwords for synchronized users
2.9. Confirm password settings for synchronized users
2.10. Run the HENNGE Directory Sync Tool
3. User synchronization between HENNGE Access Control and Microsoft 365
3.1. Change object UPN to onmicrosoft.com domain
3.2. Bulk registration / update / deletion of users
3.3. Admin Consent for user synchronization
3.4. Synchronize users from Microsoft 365 to HENNGE Access Control
3.5. Change passwords for users synchronized from Microsoft 365 to HENNGE Access Control
3.6. User synchronization between HENNGE Access Control and Microsoft 365
4. Allow unread notifications for HENNGE Secure Browser at the tenant level
4.1. Configure unread notification settings for HENNGE Secure Browser
5. End-user settings required to use HENNGE Access Control access control
5.1. Install HENNGE Secure Browser
5.2. Terminal authentication for HENNGE Secure Browser
5.3. Receive OTP (One-Time Password) in the application settings
5.4. Receive OTP (One-Time Password) via email settings
5.5. Issue HENNGE Device Certificate
5.6. Install HENNGE Device Certificate
5.7. Check the installation status of HENNGE Device Certificate
5.8. Install an application to load HENNGE Device Certificate
6. Configure HENNGE Access Control access control policies
6.1. Assign access policy groups to users
6.2. Test the operation of access policy group policies
6.3. Assign browser policy groups to users
7. Configuration for using HENNGE One portal site
7.1. Add a link to Microsoft 365 on the HENNGE One portal site
8. Connection between HENNGE Access Control and Microsoft 365
8.1. Perform federation connection between Microsoft 365 and HENNGE Access Control
8.2. Confirm federation between HENNGE Access Control and Microsoft 365
8.3. Disconnect Microsoft Entra ID Modern Authentication
8.4. Connect with services that perform Single Sign-on (SSO)
1.Preparation
1.1. Changing the Default Domain Setting in Microsoft 365
Change the setting of the default domain for the Microsoft 365 tenant to .onmicrosoft.com (initial domain of the Microsoft 365 tenant).
For more details, please check with Microsoft or your Microsoft 365 reseller.
1.2. Disabling the "Stay connected to your Outlook" feature on Outlook on the Web
1.3. Checking the status of Exchange Online Modern Authentication
1.4. Collecting HENNGE Device Certificate Device Information
* If you are using the HENNGE Device Certificate, please complete this item.
When issuing the HENNGE Device Certificate, information about the target device is required.
Please select the target device and collect the necessary information in advance.
1.5. Reviewing HENNGE Access Control Operational Policies
Review the operational policies of HENNGE Access Control (rules for access control, items displayed on the login screen, etc.).
1.6. Setting HENNGE Access Control Operational Policies
Reflect the reviewed operational policies of HENNGE Access Control in the actual product settings.
- Login screen settings
- Password-related settings
- Secure Browsers (HENNGE Secure Browser) related settings
- Device certificate settings
- Other settings
2. User Synchronization from Active Directory to Microsoft 365 and HENNGE Access Control
* If you are synchronizing users from Active Directory to HENNGE Access Control, please complete this item.
2.1. Organizing Users on Active Directory
2.2. Configuring Microsoft Entra Connect and Starting User Synchronization
For more details, please check with Microsoft or your Microsoft 365 reseller.
2.3. Installing HDEPasswordFilter.dll on all Domain Controllers (WS 2016 and later)
2.4. Installing the HENNGE Directory Sync Tool
2.5. Creating an API Client for Running the HENNGE Directory Sync Tool
2.6. Initial Setup of HENNGE Directory Sync Tool Configuration File (config.ini)
2.7. Executing Assign-HDEOnePasswordSyncGroup.bat
2.8. Setting Passwords for Synchronized Users
Change the passwords of all users who will be synchronized.
2.9. Confirming Password Settings for Synchronized Users
2.10. Executing HENNGE Directory Sync Tool
3. Synchronizing Users between HENNGE Access Control and Microsoft 365
* If you are synchronizing users from HENNGE Access Control to Microsoft 365, follow this section.
3.1. Changing UPN of Objects Other Than Users on Microsoft 365 to onmicrosoft.com Domain
3.2. Bulk User Registration / Renewal / Deletion
- Bulk User Registration
- Bulk User Renewal
- Bulk User Deletion
3.3. Admin Consent for User Synchronization
3.4. Synchronizing Users from Microsoft 365 to HENNGE Access Control
* This section is for customers who have been using Microsoft 365 before introducing HENNGE One.
* This section involves operations by HENNGE. Please inform your implementation guide for assistance as needed.
3.5. Changing Passwords of Users Synchronized from Microsoft 365 to HENNGE Access Control
* This section is for customers who have completed "3.4. Synchronizing Users from Microsoft 365 to HENNGE Access Control".
- Bulk User Registration / Renewal / Deletion (Modern View)
3.6. Synchronizing Users between HENNGE Access Control and Microsoft 365
* This section involves operations by HENNGE. Please inform your implementation guide for assistance as needed.
4. Allowing Unread Notification for HENNGE Secure Browser at Tenant Level
4.1. Setting Unread Notification for HENNGE Secure Browser
* This section is for customers using HENNGE Secure Browser.
5. End User-Side Settings Required to Use HENNGE Access Control Access Control
5.1. Installing HENNGE Secure Browser
* This section is for customers using HENNGE Secure Browser.
5.2. HENNGE Secure Browser Device Authentication
* This section is for customers using HENNGE Secure Browser.
5.3. Setting up OTP (One-Time Password) reception in the application
* This section is for customers using OTP.
5.4. Setting up OTP (One-Time Password) reception via email
* This section is for customers using OTP.
5.5. Issuing HENNGE Device Certificate
* This section is for customers using HENNGE Device Certificate.
5.6. Installing HENNGE Device Certificate
* This section is for customers using HENNGE Device Certificate.
5.7. Checking the installation status of HENNGE Device Certificate
* This section is for customers using HENNGE Device Certificate.
5.8. Installing the application to load HENNGE Device Certificate
* This section is for customers using HENNGE Device Certificate.
Depending on the service that integrates with HENNGE Access Control, the required applications may vary.
For details, please consult your implementation guide.
- Installing Microsoft Authenticator
6. Setting Access Control Policies in HENNGE Access Control
6.1. Assigning Access Policy Groups to Users
6.2. Testing the operation of Access Policy Group Policies
6.3. Assigning Browser Policy Groups to Users
* This section is for customers using HENNGE Secure Browser.
7. Configuration for Using HENNGE One Portal Site
7.1. Adding a Microsoft 365 link to the HENNGE One Portal Site
* This section is for customers using the HENNGE One Portal Site.
8. Connecting HENNGE Access Control with Microsoft 365
8.1. Setting up Federation Connection between HENNGE Access Control and Microsoft 365
8.2. HENNGE Access Control and Microsoft 365 Federation Verification
8.3. Disconnecting Microsoft Entra ID Modern Authentication
8.4 Connecting with Services Performing Single Sign-On (SSO)
If you have services other than Microsoft 365 that perform SSO, you can download the procedures for connecting from this section.