To configure Microsoft 365 to use CloudGen Access as its Identity Provider, you must federate a domain in your Microsoft tenant. Federating a domain establishes a trust in which Microsoft stops validating passwords for users of that domain itself and instead accepts SAML assertions signed by your external identity provider. Follow the steps below, or see https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp for Microsoft's own description of the procedure.
CloudGen Access server information to use with domain configuration
You will need the SAML configuration values (issuer/entity ID, sign-on and sign-out URLs, and the signing certificate) of your CloudGen Access SaaS Resource for the Single Sign-On (SSO) configuration.
- Log in to your CloudGen Access account.
- The SAML configuration belongs to a SaaS Resource previously created for Microsoft 365. See Add Resource if that resource has not been created yet.
- Go to Access > Resources, open the resource, and click View Server Settings under SSO Configuration.
Keep these values at hand; they are used in the Configuring your domain section below.
Configuring your domain
- Install PowerShell if it is not already on your device. Most Microsoft Windows versions ship with it.
- Open PowerShell as Administrator.
- Install the MSOnline module (the legacy Azure AD module, since deprecated by Microsoft in favor of Microsoft Graph PowerShell) with the following command:
Install-Module MSOnline
Then connect to your tenant with Connect-MsolService. A Microsoft sign-in window appears; sign in with a Global Administrator account.
- Run the following command to federate your domain's authentication to CloudGen Access. Before doing so, make sure the administrator account you are using belongs to a domain that stays Managed (for example the tenant's default onmicrosoft.com domain), so that you can still sign in and revert the change if the federation settings are wrong. Otherwise, a mistake in this step locks you out of the tenant.
Authentication Domain to CloudGen Access:
Select the Microsoft 365 apps that you want to enable and show the end user portal (app catalog). You can also configure custom URLs for each.
- Your Microsoft domain is now federated to CloudGen Access. You can confirm that the domain's authentication type is now Federated by running the command:
Microsoft matches the NameID in the SAML assertion against the user's ImmutableId, so you must set each user's ImmutableId to exactly the value CloudGen Access sends (in this case, the user's email address). The match is exact, so case and spelling must be identical on both sides:
Set-MsolUser -UserPrincipalName <email> -ImmutableId <email>
To confirm the ImmutableId of a user, run:
Get-MsolUser -UserPrincipalName <email> | Select-Object ImmutableId
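The whole procedure above, from connecting to the tenant through federating the domain, verifying it and mapping users, as one added PowerShell script. This is an example written for this page, not a script shipped by CloudGen Access or Microsoft. The domain name, the three CloudGen Access URLs, the certificate path and the user list are placeholders you replace with the values from View Server Settings and your own tenant; the cmdlets and parameters are those of the MSOnline module.

```powershell
# Added example: federate a Microsoft 365 domain to an external SAML 2.0 IdP with the
# MSOnline module, verify the result, set each user's ImmutableId to the NameID value
# the IdP sends, and keep a rollback command ready. Every value below is a placeholder.

$Domain     = "example.com"                              # ASSUMPTION: the domain to federate
$Brand      = "CloudGen Access"                          # free-text display name
$IssuerUri  = "https://idp.example.com/saml/metadata"    # ASSUMPTION: issuer / entity ID from View Server Settings
$PassiveUri = "https://idp.example.com/saml/sso"         # ASSUMPTION: SSO (HTTP-POST) URL from View Server Settings
$LogOffUri  = "https://idp.example.com/saml/logout"      # ASSUMPTION: single logout URL from View Server Settings
$CertPath   = "C:\federation\cloudgen-signing.cer"       # ASSUMPTION: IdP signing certificate saved locally

# 1. Load the module and sign in. Use a Global Administrator whose account lives in a
#    domain that stays Managed (for example the tenant's onmicrosoft.com domain), so the
#    session survives a broken federation configuration.
Import-Module MSOnline
Connect-MsolService

# 2. Microsoft wants the Base64 body of the DER certificate, without PEM headers.
$cert        = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
$SigningCert = [Convert]::ToBase64String($cert.GetRawCertData())

# 3. Check the domain before touching it: it must be verified, and we want to know
#    whether we are about to overwrite an existing federation.
$before = Get-MsolDomain -DomainName $Domain
if ($before.Status -ne "Verified") { throw "Domain $Domain is not verified in this tenant." }
if ($before.Authentication -eq "Federated") { Write-Warning "$Domain is already federated; its settings will be overwritten." }

# 4. Federate. PreferredAuthenticationProtocol SAMLP selects SAML 2.0 instead of WS-Federation.
Set-MsolDomainAuthentication -DomainName $Domain `
    -Authentication Federated `
    -FederationBrandName $Brand `
    -IssuerUri $IssuerUri `
    -PassiveLogOnUri $PassiveUri `
    -LogOffUri $LogOffUri `
    -SigningCertificate $SigningCert `
    -PreferredAuthenticationProtocol SAMLP

# 5. Confirm the change and review what Microsoft stored.
Get-MsolDomain -DomainName $Domain | Select-Object Name, Status, Authentication
Get-MsolDomainFederationSettings -DomainName $Domain |
    Select-Object FederationBrandName, IssuerUri, PassiveLogOnUri, LogOffUri

# 6. Map users. Microsoft matches the SAML NameID to ImmutableId exactly, so set it to the
#    value the IdP sends (here the e-mail address). Only cloud-only users can be changed this
#    way; users synchronised from on-premises AD get their ImmutableId from Azure AD Connect.
$Users = @("alice@example.com", "bob@example.com")       # ASSUMPTION: constructed sample UPNs
foreach ($upn in $Users) {
    $u = Get-MsolUser -UserPrincipalName $upn
    if ($u.LastDirSyncTime) {
        Write-Warning "$upn is directory-synced; ImmutableId is managed by sync. Skipping."
        continue
    }
    Set-MsolUser -UserPrincipalName $upn -ImmutableId $upn
    Get-MsolUser -UserPrincipalName $upn | Select-Object UserPrincipalName, ImmutableId
}

# 7. Rollback. If sign-in through CloudGen Access fails, run this from the still-working
#    admin session to return the domain to cloud password (Managed) authentication:
# Set-MsolDomainAuthentication -DomainName $Domain -Authentication Managed
```

Test the result with an ordinary user in the federated domain from a private browser window while the administrator session stays open; if the SAML response is rejected, compare the IssuerUri and certificate stored by Get-MsolDomainFederationSettings with what CloudGen Access shows under View Server Settings before reaching for the rollback command.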