How do I build the PowerShell command for federating Microsoft 365 with HENNGE Access Control?

Target

For customers who wish to federate Microsoft 365 with HENNGE Access Control for authentication.

Purpose

This article provides the PowerShell command required to federate Microsoft 365 with HENNGE Access Control.

Precautions

1. If you are working with a HENNGE Engagement Guide, this procedure will not be necessary.

2. If there is more than one domain, this procedure is required for all domains to be federated.

3. HENNGE Access Control administrator account information (username and password) is required.

4. There may be minor differences between the appearance in the screenshots and that of the customer's environment.

5. This article is based on the product content as of March 2019. It may be revised without prior notice due to subsequent updates or specification changes.

Procedures

 

Constructing the Federation Command

1. Copy and paste the following text into a new Notepad file.

$dom = "domain.com"
$puri = "https://ap.ssso.hdems.com/portal/domain.com/login/"
$issuer = "https://ap.ssso.hdems.com/sso/domain.com"
$auri = "https://ap.ssso.hdems.com/active/domain.com"
$mex = "https://ap.ssso.hdems.com/mex/domain.com"
$logoffuri = "https://ap.ssso.hdems.com/portal/domain.com/logout/"
$cert = "MIICIzCCAYwCCQDd7gVm57f09DANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1NoaWJ1eWExEjAQBgNVBAoMCUhERSwgSW5jLjERMA8GA1UECwwIU2hvYm9zc28wHhcNMTEwNzA4MDQyODU0WhcNMzgxMTIyMDQyODU0WjBWMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1NoaWJ1eWExEjAQBgNVBAoMCUhERSwgSW5jLjERMA8GA1UECwwIU2hvYm9zc28wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL9DoqbhnJo+MP4QW67DXBcwS/hQgAoFDdkOk53B6zjQ94FNvJ/HDBc5APnntEHx98Xa2nNN8Ud83MPqtHmOryUxly4AYhbIYAGO+QyL90X+0FYW5ocZZlFAZqUoGnMprFT6uuh1Bzxzy8yuKRNykgx+xcmA2mmrlMVK8CAr/MhVAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEArFgg4fKgSp++r7t96TzezSHcbqqVj1fuY/JQUBjjPCpXyBOuX0VjiBt3AlilF6/tRJGdVJYpZIOVuTGBZFPF+aVW2ujC3ZnlxY8K5MoGZOX5MOtoKymtt4zUAOS6d3oWrgpxTmua9TYjKAt/RSvd4o0TuXsHACTeLvU5Sj0MW1Q="
Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated -PassiveLogOnUri $puri -ActiveLogOnUri $auri -SigningCertificate $cert -IssuerUri $issuer -MetadataExchangeUri $mex -LogOffUri $logoffuri


2. Replace every occurrence of domain.com with the domain you are federating.

$dom = "domain.com"
$puri = "https://ap.ssso.hdems.com/portal/domain.com/login/"
$issuer = "https://ap.ssso.hdems.com/sso/domain.com"
$auri = "https://ap.ssso.hdems.com/active/domain.com"
$mex = "https://ap.ssso.hdems.com/mex/domain.com"
$logoffuri = "https://ap.ssso.hdems.com/portal/domain.com/logout/"
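$cert = "MIICIzCCAYwCCQDd7gVm57f09DANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1NoaWJ1eWExEjAQBgNVBAoMCUhERSwgSW5jLjERMA8GA1UECwwIU2hvYm9zc28wHhcNMTEwNzA4MDQyODU0WhcNMzgxMTIyMDQyODU0WjBWMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1NoaWJ1eWExEjAQBgNVBAoMCUhERSwgSW5jLjERMA8GA1UECwwIU2hvYm9zc28wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL9DoqbhnJo+MP4QW67DXBcwS/hQgAoFDdkOk53B6zjQ94FNvJ/HDBc5APnntEHx98Xa2nNN8Ud83MPqtHmOryUxly4AYhbIYAGO+QyL90X+0FYW5ocZZlFAZqUoGnMprFT6uuh1Bzxzy8yuKRNykgx+xcmA2mmrlMVK8CAr/MhVAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEArFgg4fKgSp++r7t96TzezSHcbqqVj1fuY/JQUBjjPCpXyBOuX0VjiBt3AlilF6/tRJGdVJYpZIOVuTGBZFPF+aVW2ujC3ZnlxY8K5MoGZOX5MOtoKymtt4zUAOS6d3oWrgpxTmua9TYjKAt/RSvd4o0TuXsHACTeLvU5Sj0MW1Q="
Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated -PassiveLogOnUri $puri -ActiveLogOnUri $auri -SigningCertificate $cert -IssuerUri $issuer -MetadataExchangeUri $mex -LogOffUri $logoffuri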

※ For example, if the domain to be federated is sampledomain.com, each domain.com above becomes sampledomain.com.

3. Next, follow the procedure in the article below to execute the actual federation process.

HENNGE Access Control: Single Sign-on Setup (Microsoft 365)
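The substitution in steps 1 and 2 has to be repeated for every domain (Precaution 2), so it can be scripted with a check that the pasted certificate string is intact. The following is an added example, not part of the original HENNGE article: the function name New-HacFederationSettings and the sample domain list are assumptions, while the endpoint patterns, parameter names and certificate string come from step 1.

```powershell
# Added example: builds the federation settings from this article per domain.
# Function name and sample domains are hypothetical; URLs and $cert are from step 1.
$cert = "MIICIzCCAYwCCQDd7gVm57f09DANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1NoaWJ1eWExEjAQBgNVBAoMCUhERSwgSW5jLjERMA8GA1UECwwIU2hvYm9zc28wHhcNMTEwNzA4MDQyODU0WhcNMzgxMTIyMDQyODU0WjBWMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1NoaWJ1eWExEjAQBgNVBAoMCUhERSwgSW5jLjERMA8GA1UECwwIU2hvYm9zc28wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL9DoqbhnJo+MP4QW67DXBcwS/hQgAoFDdkOk53B6zjQ94FNvJ/HDBc5APnntEHx98Xa2nNN8Ud83MPqtHmOryUxly4AYhbIYAGO+QyL90X+0FYW5ocZZlFAZqUoGnMprFT6uuh1Bzxzy8yuKRNykgx+xcmA2mmrlMVK8CAr/MhVAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEArFgg4fKgSp++r7t96TzezSHcbqqVj1fuY/JQUBjjPCpXyBOuX0VjiBt3AlilF6/tRJGdVJYpZIOVuTGBZFPF+aVW2ujC3ZnlxY8K5MoGZOX5MOtoKymtt4zUAOS6d3oWrgpxTmua9TYjKAt/RSvd4o0TuXsHACTeLvU5Sj0MW1Q="

function New-HacFederationSettings {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$Certificate
    )
    # Accept only a plain DNS name, so a stray space, scheme or path in the
    # domain list cannot end up inside the endpoint URLs.
    if ($Domain -notmatch '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$') {
        throw "Not a valid domain name: '$Domain'"
    }
    # A truncated or altered paste fails here instead of at sign-in time.
    $bytes = [Convert]::FromBase64String($Certificate)
    $x509  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    if ($x509.NotAfter -lt (Get-Date)) {
        throw "Signing certificate expired on $($x509.NotAfter)"
    }
    Write-Host "$Domain : cert '$($x509.Subject)', thumbprint $($x509.Thumbprint)"

    $base = "https://ap.ssso.hdems.com"
    # Keys match the Set-MsolDomainAuthentication parameters used in step 1.
    @{
        DomainName          = $Domain
        FederationBrandName = $Domain
        Authentication      = "Federated"
        PassiveLogOnUri     = "$base/portal/$Domain/login/"
        ActiveLogOnUri      = "$base/active/$Domain"
        IssuerUri           = "$base/sso/$Domain"
        MetadataExchangeUri = "$base/mex/$Domain"
        LogOffUri           = "$base/portal/$Domain/logout/"
        SigningCertificate  = $Certificate
    }
}

# Constructed sample list; replace with the domains you are federating.
$domains = "sampledomain.com", "sub.sampledomain.com"
foreach ($d in $domains) {
    $settings = New-HacFederationSettings -Domain $d.Trim().ToLower() -Certificate $cert
    # Show the generated values for review (certificate omitted for readability).
    $settings.GetEnumerator() | Where-Object Key -ne "SigningCertificate" |
        Sort-Object Key | Format-Table -AutoSize
    # Set-MsolDomainAuthentication @settings   # run as part of the linked setup procedure
}
```

The thumbprint printed for each domain should be identical, since every domain uses the same signing certificate from step 1.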
