Okta

How to Configure SAML 2.0 for Microsoft Office 365 WS Federation

Prepare your domain for federated authentication

  1. If you have not already, import your users into Okta from Active Directory. Office 365 SSO will only work with users imported from Active Directory.
  2. Follow the instructions here to install Microsoft DirSync and synchronize your Active Directory users to Office 365.
  3. Follow the instructions here, under the heading "Install the Office 365 cmdlets", to install the Microsoft Online Services Sign-In Assistant and the Microsoft Online Services Module for Windows PowerShell.

Configure your domain in the Microsoft Online Services Module for Windows PowerShell

Converting a domain to federated authentication will affect all users in the domain.

  1. In PowerShell, type Connect-MsolService and enter your administrator credentials for your Office 365 domain when prompted.
  2. If your domain is not already federated, enter the following:

         Set-MsolDomainAuthentication -DomainName cme.com `
           -Authentication Federated `
           -FederationBrandName Okta `
           -IssuerUri k1o7oit7CZDUKODQCSQU `
           -PassiveLogOnUri https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed/passive `
           -ActiveLogOnUri https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed/active `
           -MetadataExchangeUri https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed/mex `
           -LogOffUri https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed/signout `
           -SigningCertificate <signing certificate>

  3. If your domain is already federated, enter the following:

         Set-MsolDomainFederationSettings -DomainName cme.com `
           -FederationBrandName Okta `
           -IssuerUri k1o7oit7CZDUKODQCSQU `
           -PassiveLogOnUri https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed/passive `
           -ActiveLogOnUri https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed/active `
           -MetadataExchangeUri https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed/mex `
           -LogOffUri https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed/signout `
           -SigningCertificate <signing certificate>
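
After step 2 or 3 has run, it is worth reading the settings back, because they determine which issuer, endpoints and signing certificate Office 365 trusts for every user in the domain. The PowerShell below is an added example, not part of the original instructions; it assumes an existing Connect-MsolService session and that SigningCertificate is returned base64-encoded, and the helper name Test-FederationSettings and its 30-day window are hypothetical.

```powershell
# Added example: compare a domain's federation settings with the intended values.
function Test-FederationSettings {
    param(
        [Parameter(Mandatory)] $Actual,               # Get-MsolDomainFederationSettings output
        [Parameter(Mandatory)] [hashtable] $Expected, # property name -> value you set
        [int] $WarnDays = 30                          # hypothetical expiry warning window
    )
    $findings = @()
    foreach ($name in $Expected.Keys) {
        if ($Actual.$name -ne $Expected[$name]) {
            $findings += 'MISMATCH {0}: got "{1}", expected "{2}"' -f $name, $Actual.$name, $Expected[$name]
        }
    }
    # Assumption: SigningCertificate is a base64-encoded DER certificate.
    try {
        $bytes = [Convert]::FromBase64String([string]$Actual.SigningCertificate)
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
        if ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
            $findings += 'CERT {0} expires {1:u}' -f $cert.Thumbprint, $cert.NotAfter
        }
    } catch {
        $findings += 'CERT SigningCertificate is missing or not a valid certificate'
    }
    # A second signing certificate is trusted as well, so surface it for review.
    if ($Actual.NextSigningCertificate) {
        $findings += 'CERT NextSigningCertificate is set; confirm it is one you issued'
    }
    return ,$findings
}

# Intended values, taken from the commands in the steps above.
$domain   = 'cme.com'
$base     = 'https://vladdha.trexcloud.com/app/office365/k1o7oit7CZDUKODQCSQU/sso/wsfed'
$expected = @{
    FederationBrandName = 'Okta'
    IssuerUri           = 'k1o7oit7CZDUKODQCSQU'
    PassiveLogOnUri     = "$base/passive"
    ActiveLogOnUri      = "$base/active"
    MetadataExchangeUri = "$base/mex"
    LogOffUri           = "$base/signout"
}
if ((Get-MsolDomain -DomainName $domain).Authentication -ne 'Federated') {
    Write-Warning "$domain is not federated"
} else {
    $result = Test-FederationSettings -Actual (Get-MsolDomainFederationSettings -DomainName $domain) -Expected $expected
    $result | ForEach-Object { Write-Warning $_ }
    if (-not $result.Count) { "Federation settings for $domain match the intended values" }
}
```

Running the same check on a schedule and alerting on any finding gives an early signal if the domain's federation settings change outside a planned update.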