Warning : If you federate an Office 365 domain, all users must use the PureAUTH authentication method. Users will no longer be able to authenticate to Microsoft 365 using the previous method (email + password + MFA). If you are federating a domain as part of a POC or testing, please use a test domain to avoid impacting production users.
Introduction
This document outlines the configuration and management steps for integrating Office 365 with the PureAUTH Identity Platform using the Security Assertion Markup Language (SAML) 2.0 protocol. By enabling SAML-based Single Sign-On (SSO) through PureAUTH, organizations can provide secure, seamless, and passwordless access to Office 365 services.
As Microsoft has officially deprecated the legacy MSOL (Microsoft Online) PowerShell module, we now utilize Microsoft Graph PowerShell and modern authentication methods to configure and manage Office 365 SAML federation. This advanced approach ensures enhanced security, better automation, and future-proof compatibility.
Integrating Office 365 with PureAUTH allows enterprises to:
- Enable centralized authentication via PureAUTH IDP.
- Achieve passwordless login for Office 365 applications.
- Ensure compliance with modern identity and access management best practices.
Prerequisites
- Global Administrator access to Office 365 Admin Console.
- PureAUTH Identity provider administrator access.
- PowerShell as Administrator to install modules system-wide.
- Microsoft Graph PowerShell SDK Installation.
Microsoft Graph PowerShell SDK Installation Command
Install Full Microsoft Graph PowerShell SDK:
Install-Module Microsoft.Graph -Scope AllUsers -Force
If You Don’t Have Admin Rights:
Use this instead to install for the current user only:
Install-Module Microsoft.Graph -Scope CurrentUser -Force
Note : The installation of the Microsoft Graph PowerShell SDK may take up to 20 minutes, especially when installing the full SDK (Microsoft.Graph) for the first time.
This document covers the following steps:
- Add a domain to your Office 365 account.
- Add Office 365 application on the PureAUTH platform.
- Configure SAML (Security Assertion Markup Language).
- Add Users
Add domain to Office 365 account
To get started, we need to add a domain to your Office 365 account. Follow this document to add a domain.
Setup Office 365 application on PureAUTH
Once we add a domain, we will add an Office 365 application to our PureAUTH Identity Platform.
- Login to PureAUTH Admin Portal
- Navigate to the Applications tab.
- Select “Add Application”.
- Select “Office365 SAML”.

- Enter any application name.
- Select Primary (Corporate Email) in the Dataset for email field.

- In the “Assertion Consumer Service URL (ACS URL)” field, enter the given URL : https://login.microsoftonline.com/login.srf

- Click “Add”
Configure SAML Integration with Office 365 (Through PowerShell Script)
To configure SAML integration, please download the pureauth-O365 script using the link below.
pureauth-O365 : FederationInputScript_updated.ps1
- Create a folder called “PureauthO365” on the C:\ drive and place the FederationInputScript_updated.ps1 script in it.
- Open PowerShell with Administrator privileges and cd into the PureauthO365 folder.

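- Command : Powershell -ep bypass (starts a nested PowerShell session whose execution policy is bypassed for that session only, so the downloaded script can be imported)
- Command : Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All", "Directory.ReadWrite.All", "Organization.Read.All", "Domain.Read.All"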
- Enter the Global admin credentials.
- Command : Import-Module .\FederationInputScript_updated.ps1
- Command : Connect-PureAUTHOffice365
- Enter your Domain : your_domain.com
- Enter Issuer URI : Copy it from PureAUTH and paste here.
- Enter ACS URI : Copy it from PureAUTH and paste here.
For the certificate path:
- Copy the X.509 certificate from PureAUTH.
- Copy from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----
- Paste into a new Notepad file and save it as cert.pem.
- Enter Certificate path : Provide the path to cert.pem.
- Click “Enter”
- When asked to confirm the configuration, press “yes”.
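Before the certificate path is given to the script, the saved cert.pem can be checked for the usual copy-and-paste problems (dashes converted to typographic dashes, more than one block, private key material, an expired certificate). The following PowerShell is an added example, not part of the PureAUTH script; the function name Test-FederationCertFile and the path .\cert.pem are assumptions.

```powershell
# Added example, not part of FederationInputScript_updated.ps1.
# Function name and file path are hypothetical.
function Test-FederationCertFile {
    param([Parameter(Mandatory)][string]$Path)

    # Get-Content -Raw honours a BOM, so UTF-8 and UTF-16 Notepad saves both decode.
    $text = Get-Content -LiteralPath $Path -Raw

    if ($text -match 'PRIVATE KEY') {
        throw 'File contains private key material; only the public certificate belongs here.'
    }

    # The PEM armor must be five ASCII hyphens on each side. Dashes turned into
    # en/em dashes during copy and paste do not match and are reported below.
    $pattern = '-----BEGIN CERTIFICATE-----(?<b64>[A-Za-z0-9+/=\s]+)-----END CERTIFICATE-----'
    $blocks  = [regex]::Matches($text, $pattern)
    if ($blocks.Count -ne 1) {
        throw "Expected exactly one PEM certificate block, found $($blocks.Count)."
    }

    $der  = [Convert]::FromBase64String(($blocks[0].Groups['b64'].Value -replace '\s', ''))
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        Write-Warning "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # SHA-256 over the DER bytes gives a fingerprint to compare with the IdP's copy.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try     { $digest = $sha256.ComputeHash($cert.RawData) }
    finally { $sha256.Dispose() }

    [pscustomobject]@{
        Subject           = $cert.Subject
        Issuer            = $cert.Issuer
        NotBefore         = $cert.NotBefore
        NotAfter          = $cert.NotAfter
        DaysRemaining     = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        Sha256Fingerprint = [BitConverter]::ToString($digest) -replace '-', ''
    }
}

# Path is an assumption; point it at wherever cert.pem was saved.
Test-FederationCertFile -Path '.\cert.pem'
```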
Add user to Office 365
Because the domain is now federated, users can no longer be added from the Office admin dashboard. This section shows how to add users to the federated Office 365 domain. You can use one of the methods below.
Command : Add-PureAUTHOffice365Users

If Renegadir access is available, connect Azure Active Directory through Directory Integration. Once connected, Renegadir will onboard the users into the Office 365 tenant.

Test SAML Authentication
- Visit the Office 365 login page.
- Enter your email address and it will redirect you to the PureAUTH authentication page.
- Open the VR5 app and scan the QR code using Swift Login.
Disable Federated Authentication
- Open PowerShell (As Administrator)
- Command : Powershell -ep bypass
- Command : Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All", "Directory.ReadWrite.All", "Organization.Read.All", "Domain.Read.All"
- Command : Get-MgDomainFederationConfiguration -DomainId domain.com (Copy the federation ID)
- Command : Remove-MgDomainFederationConfiguration -DomainId 'Domain.com' -InternalDomainFederationId 'Federation ID Paste here'
Check Domain federation status
Command : (Get-MgDomain -DomainId "Domain.com").AuthenticationType
- Returns Managed → no federation
- Returns Federated → federation exists
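The single-domain check above can be extended to every domain in the tenant, listing for each federated domain the federation ID, issuer, sign-in URL and signing certificate, so the configuration can be compared with what the PureAUTH admin portal shows. This PowerShell is an added example, not part of the PureAUTH script; it assumes an existing Connect-MgGraph session as set up earlier, and the function name Get-FederatedDomainReport is hypothetical.

```powershell
# Added example; assumes Connect-MgGraph has already been run in this session.
# Function name is hypothetical.
function Get-FederatedDomainReport {
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    try {
        $federated = Get-MgDomain -All | Where-Object AuthenticationType -eq 'Federated'
        foreach ($domain in $federated) {
            foreach ($fed in Get-MgDomainFederationConfiguration -DomainId $domain.Id) {
                $notAfter    = $null
                $fingerprint = 'unparseable'
                try {
                    # SigningCertificate is the Base64 public certificate of the IdP.
                    $der  = [Convert]::FromBase64String($fed.SigningCertificate)
                    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
                    $notAfter    = $cert.NotAfter
                    $fingerprint = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
                } catch {
                    Write-Warning "Could not parse signing certificate for $($domain.Id): $_"
                }

                [pscustomobject]@{
                    Domain              = $domain.Id
                    FederationId        = $fed.Id
                    DisplayName         = $fed.DisplayName
                    IssuerUri           = $fed.IssuerUri
                    PassiveSignInUri    = $fed.PassiveSignInUri
                    Protocol            = $fed.PreferredAuthenticationProtocol
                    SigningCertNotAfter = $notAfter
                    SigningCertSha256   = $fingerprint
                }
            }
        }
    } finally {
        $sha256.Dispose()
    }
}

# No output means no domain in the tenant is federated.
Get-FederatedDomainReport | Format-List
```

The FederationId column is the value that Remove-MgDomainFederationConfiguration expects in -InternalDomainFederationId.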
Further Support
For further information or assistance, please contact the PureID support team at support@pureid.io.