Barracuda CloudGen Access

Microsoft 365 Configuration

  • Last updated on

To configure Microsoft 365 to use CloudGen Access as its Identity Provider, you need to federate a Microsoft account domain. To federate is to establish authentication and/or authorization trust of your domain with Microsoft. Follow the steps below or see https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp to get started.

It is important to have a fallback method for accessing your Microsoft 365 account so that you do not get locked out, for example a login with another domain such as onmicrosoft.com, which generally comes with each Microsoft 365 account.

CloudGen Access server information to use with domain configuration

You will need the SAML configuration information for Single Sign-On (SSO) configuration.

  1. Log in to your CloudGen Access account.
  2. The SAML configuration is selected from a previously configured SaaS Resource to access Microsoft 365. See Add Resource if this has not yet been completed.
  3. Go to Access > Resources and click View Server Settings under SSO Configuration.
    This information will be needed in the Configuring your domain section below.

Configuring your domain

  1. Install PowerShell if not already on your device. Most Microsoft Windows operating systems will already have it.
  2. Open PowerShell in Administrator mode.
  3. Install the MSOnline component with the following command: Install-Module MSOnline
  4. Run Connect-MsolService
    A window to log in to Microsoft appears.

  5. After logging in you will be brought back to the PowerShell session. Send the following commands to authenticate using an admin account for your domain.
    1. Grant access to one or more users:

      • For a single user.

        1. Set-MsolUser -UserPrincipalName <domain user> -ImmutableId <domain user>

        2. Confirm that the immutable ID from the last step was configured. Get-MsolUser -UserPrincipalName <domain user> | Select-Object ImmutableId

      • For multiple users (this command reads $dom, which is set in step 2 below, so set it first):

        1. Get-MsolUser -All -DomainName $dom | ForEach-Object {
                 Set-MsolUser -UserPrincipalName $_.UserPrincipalName -ImmutableId $_.UserPrincipalName
            }
    2. $dom = "<domain>"
    3. You can set a name for the CloudGen Access identity provider. $BrandName = "<Name here>"
    4. Reference the information gathered in the CloudGen Access server information section above with the next four commands.
    5. $LogOnUrl = "[<Login/SSO URL>]"
    6. $LogOffUrl = "[<Logout URL>]"
    7. $MyURI = "[<Issuer/Entity ID>]"
    8. $MySigningCert = "<Certificate>"

      WARNING

      Before running the next command, ensure you have a way to log in to your Microsoft 365 account with another domain (for example, onmicrosoft.com) in case the configuration is invalid. Otherwise, you will be locked out of your account.

  6. Configure your desired Microsoft 365 domain to use federation with SAML 2.0:
    $Protocol = "SAMLP"
    Set-MsolDomainAuthentication `
    -DomainName $dom `
    -FederationBrandName $BrandName `
    -Authentication Federated `
    -PassiveLogOnUri $LogOnUrl `
    -LogOffUri $LogOffUrl `
    -SigningCertificate $MySigningCert `
    -IssuerUri $MyURI `
    -PreferredAuthenticationProtocol $Protocol


  7. You can confirm the authentication status of your domain by running Get-MsolDomain
    The status should show as Federated. Your Microsoft domain is now secured by CloudGen Access.
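
A pre-flight check to run before step 6, added here as an example and not part of Barracuda's documentation: it verifies that the values gathered above are well-formed and that a global administrator on a Managed domain exists as the fallback the warning calls for. Test-FederationInput is a hypothetical helper name; it assumes Connect-MsolService has already run and that $dom, $LogOnUrl, $LogOffUrl, $MyURI and $MySigningCert are set as in step 5.

```powershell
# Added example, not Barracuda's code. Test-FederationInput is a hypothetical name.
# Assumes an active Connect-MsolService session and the variables from step 5.
function Test-FederationInput {
    param([string]$Domain, [string]$LogOnUrl, [string]$LogOffUrl,
          [string]$IssuerUri, [string]$SigningCert)
    $problems = @()

    # SSO and logout endpoints must be absolute HTTPS URLs.
    foreach ($u in @($LogOnUrl, $LogOffUrl)) {
        $parsed = $null
        $ok = [Uri]::TryCreate($u, [UriKind]::Absolute, [ref]$parsed)
        if (-not $ok -or $parsed.Scheme -ne 'https') {
            $problems += "Not an absolute HTTPS URL: '$u'"
        }
    }
    if ([string]::IsNullOrWhiteSpace($IssuerUri)) {
        $problems += 'Issuer/Entity ID is empty'
    }

    # The certificate must decode as X.509 and be inside its validity window.
    # PEM header lines and whitespace are stripped only for this local parse.
    $b64 = $SigningCert -replace '-----(BEGIN|END) CERTIFICATE-----|\s', ''
    try {
        $der  = [Convert]::FromBase64String($b64)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
        $now  = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += "Certificate outside validity window (expires $($cert.NotAfter))"
        }
    } catch {
        $problems += "Certificate does not parse: $($_.Exception.Message)"
    }

    # Fallback: at least one global admin must sign in through a Managed
    # (non-federated) domain other than the one being federated.
    $managed = (Get-MsolDomain | Where-Object {
        $_.Authentication -eq 'Managed' -and $_.Name -ne $Domain }).Name
    $role   = Get-MsolRole -RoleName 'Company Administrator'
    $admins = Get-MsolRoleMember -RoleObjectId $role.ObjectId |
        Where-Object { $_.EmailAddress -and ($_.EmailAddress -split '@')[-1] -in $managed }
    if (-not $admins) {
        $problems += "No global admin on a Managed domain other than $Domain"
    }
    return $problems
}

$issues = Test-FederationInput -Domain $dom -LogOnUrl $LogOnUrl `
    -LogOffUrl $LogOffUrl -IssuerUri $MyURI -SigningCert $MySigningCert
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } } else { 'Pre-flight checks passed' }
```

Any warning printed here should be resolved before Set-MsolDomainAuthentication is run.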