Start the Office 365 setup by syncing your directory to Office 365, then adding the Office 365 and assigning the app to your users.
Part 1 – Syncing Directories
Here is the tutorial video for syncing directories with NoPassword.
- To sync your directory with NoPassword, click on “Directories” and then”Main Directory” from th left-side menu.
- Click on the blue “Add A New Directory” button on the top right side of the page.
- A new window will pop up, enter “Directory Name“, choose “Office 365” for “Directory Type“, and click on “Done“.
- Click on the “Setup” button.
- Click on “Continue” and you will be directed to Office 365 login page.
- Enter your Microsoft global admin username and password.
- Click on “Accept” next to allow NoPassword to sync and edit your directory.
- You will be redirected back to NoPassword admin dashboard. Click on the green “Sync” button to import users.
Click on “Users” on the left-side menu to see the list of users imported to the NoPassword dashboard. User immutable ID will be automatically transferred.
Once the directory and users are synced, please follow the instructions in the next part to add the Office 365 app.
Part 2 – Office 365 Integration
Here is the tutorial video to set up Office 365.
- Open the NoPassword Admin Dashboard. Select “Applications” from the left side menu and then select “Web App” from the submenu.
- Click on “+ Add SSO App” button from the upper right corner.
Please note that NoPassword will not store your credentials.
- Click on “One-click setup“.
- Click on “Save“.
You can alternatively setup Office 365 manually.
To continue manually, click on “Manual Set up”. Identity Provider section will automatically open, download the Certificate to your computer.
Then, right-click on the PowerShell command template for ADFS to save it to your computer.
Expand the Service Provider section and configure your ACS URL:
Expand the Advanced Setup section and configure your IDP:
Select “Employee ID” for Identifier and click on “Save“.
Log into Office 365 administration center as an administrator and then click on Admin.
From the left side menu select “Settings > Domains“.
Add a domain that you are going to use for Single Sign-On and go through the steps to confirm that you own the domain.
DO NOT add any users at this stage.
In the section where you are asked “How do you want to use with Office365?“, uncheck the checked boxes next to “Exchange Online” and “Lync Online“; unless DNS entries are to be updated.
Make sure that the domain is not the “default domain“. If it is set as the default domain, please go ahead and change that setting by configuring the “.onmicrosoft.com” as the “default domain“.
SSO configuration for Office 365 requires Windows Azure Active Directory Module for Windows PowerShell cmdlets. Download and install cmdlets from the following links:
You need to use the PowerShell Command template and the certificate that you downloaded from NoPassword Admin Dashboard.
To configure Office 365 SSO, customize the PowerShell command template as follows:
$domain – enter your company domain, in the following format: yourworkdomain.com
$issuer – enter your company domain at the end of the URL, in the following format:
$certificateFile – Full path and filename of the certificate file you’ve just downloaded
Please open Powershell as an administrator.
It will prompt for the administrator’s credentials. Type your administrator login credentials into the dialog that appears on the screen.
Copy and paste the second command, to get authenticated on Office 365:
Connect-MsolService -Credential $cred
Copy the block of PowerShell commands starting with $domain and ending with $logoffurl.
Paste them into your PowerShell window.
Then copy and paste the second block to upload the certificate file.
Run the following command to enable SSO for your domain:
Set-MsolDomainAuthentication -FederationBrandName $domain -DomainName $domain -Authentication federated PreferredAuthenticationProtocol SAMLP -IssuerUri $issuer -Signing Certificate $certificate -PassiveLogOnUri $ssoUrl -ActiveLogOnUri $ecpUrl -LogOffUri $logoffUrl –Verbose
You have completed the manual SSO setup for Office 365.
Trouble shooting information for manual setup
See all licenses:
You need your AccountSku number to be able to add users.
New-MsolUser -UserPrincipalName -ImmutableId -FirstName -LastName -DisplayName -LicenseAssignment -usageLocation
The immutable id is a unique user identifier on Office 365. Make sure Immutable id is reflected in the user’s info on NoPassword portal, as the user’s IDThe user principal name is the IDPEmail. Both these values must match with the Office 365 configuration for single sign-on to be successful.
emove-MsolUser -UserPrincipalName <User’s email>
The above command moves the user to the Office 365 recycle bin. To create a user with the same name, make sure to remove the user from the recycle bin.
Retrieve a deleted user:
Get-MsolUser -ReturnDeletedUsers -SearchString <User’s email> | select UserPrincipalName, ObjectId
Remove a deleted user from the recycle bin:
Remove-MsolUser -RemoveFromRecycleBin –ObjectId
Some users might experience the following sign-in issue, due to a known bug on Office 365.
“Sorry, but we’re having trouble signing you in. Please try again in a few minutes. If this doesn’t work, you might want to contact your admin and report the following error: <error#>.”
The solution is simply to restart your browser. Then open a fresh browser tab and try to log in.
Office 365 is now configured! At this point, you can assign users, groups or organizational units to the Office 365. Please see the Assign Users page for instructions.
Should you any further questions, do not hesitate to contact us at firstname.lastname@example.org or 877-877-5587.