SharePoint is a web-based collaborative platform integrated into the Office 365 suite. It is a platform for various programs: a backend system that ties your employees' PCs and mobile devices together, allowing them to interact and synchronize their efforts. SharePoint allows enterprise users to save their documents and access them centrally for better business. Office 365 is a suite of applications which consists of office applications as well as cloud-related services that are enabled over the internet. Office 365 business plans include services like web conferencing and email services for business.
miniOrange provides Single Sign On (SSO) to any type of application, whether it is in the cloud or on-premise. With Single Sign-On, Office 365 can put its existing trusted IdP in charge of the authentication process. Active Directory is configured as an identity source within miniOrange and set as the default identity source. Because of this, authentication happens against Active Directory credentials, and the appropriate user attributes, such as the immutable ID, are fetched upon successful authentication against Active Directory. After configuring the identity source, users present in Active Directory can log in to the end user dashboard with their Active Directory credentials. If the user does not yet exist within miniOrange, the user is created on the fly and the configured directory attributes are fetched and stored in the user profile.
Advantages of Single Sign On solution:
- Users can log in using a single set of credentials; there is no need to remember different user names and passwords.
- Users are created on the fly, so there is no need to create them manually in miniOrange.
- Users can configure 2 Factor Authentication as part of the sign-on process. miniOrange supports 15+ two factor authentication methods.
Login flow for Sharepoint
If you are using an On-Premise instance, you do not need to follow the step given below; it is required only for a Cloud instance, so you can jump directly to 'Step 1'.
If you are using the Cloud IdP, you have to set up the branding first, because this functionality works only when customer branding is set.
Steps to set up Single Sign On for SharePoint
Step 1: Adding LDAP Identity Source in miniOrange
1. Login to your miniOrange Admin Dashboard.
2. From the side menu, click on User Stores >> Add User Store.
3. Select the AD/LDAP option. On the Configuration page, select the Directory Type.
4. Fill in all the details and scroll down; you will see the option to Activate LDAP. Enable it and click on Save.
Here's the list of the options and what each does when enabled. You can enable/disable them accordingly.

| Option | Effect when enabled |
| --- | --- |
| Activate LDAP | All user authentications will be done with LDAP credentials if you activate it |
| Sync users in miniOrange | Users will be created in miniOrange after authentication with LDAP. If LDAP credentials fail, the user will be authenticated through miniOrange |
| Allow users to change password | This allows your users to change their password. It updates the new credentials in your LDAP server |
| Enable administrator login | On enabling this, your miniOrange Administrator login authenticates using your LDAP server |
| Show IdP to users | If you enable this option, this IdP will be visible to users |
| Send Configured Attributes | If you enable this option, then only the attributes configured below will be sent as attributes at the time of login |
Step 2: Add Office365 Single Sign On (SSO) App
- Login to miniOrange Admin Console.
- Go to Apps >> Manage Apps. Click the Configure Apps button.
- Click on SAML tab. Select Office365 and click Add App button.
- Make sure the SP Entity ID or Issuer is: urn:federation:MicrosoftOnline.
- Make sure the ACS URL is: https://login.microsoftonline.com/login.srf.
- Add an attribute with attribute name as IDPEmail and select attribute value as E-mail Address.
- Set the authentication policy. You can choose to enable 2FA for login or have users login using a standard username-password.
- Click on Save to configure Office365.
- Click on Metadata link to see the Identity Provider information required to configure Office 365. Note down the following information.
- IdP Entity ID/Issuer
- Logout URL
- Login URL
- X.509 Certificate
- You can copy these values when using miniOrange as the IdP.
- You can copy these values when using an External IdP (i.e. miniOrange as Broker).
Step 3: Configure Microsoft Online Services
- Open PowerShell in Administrator mode. The Microsoft Online Services module needs to be installed for the commands below to run.
- Install-Module -Name AzureAD
- If prompted about installing a module from an untrusted repository, type Y and press ENTER.
- Install the 64-bit version of the Microsoft Online Services Sign-in Assistant. Download it from here.
- Run the following command in PowerShell to install the MSOnline module: Install-Module MSOnline
- If prompted to install the NuGet provider, type Y and press ENTER.
- If prompted to install the module from PSGallery, type Y and press ENTER.
- Execute the following PowerShell commands:
- $cred = Get-Credential. Enter Office 365 Administrator credentials.
- Connect-MsolService -Credential $cred
- Replace the following placeholders with the values noted in the step above:
- Replace ##DOMAIN NAME## with your Active Directory domain name. Ensure that the domain is not the default domain name, as the default one cannot be set as the federated domain.
- Replace ##IDP ENTITY ID## with the IdP Entity ID/Issuer noted above.
- Replace ##LOGIN URL## with the Login URL noted above.
- Replace ##LOGOUT URL## with the Logout URL noted above.
- Replace ##CERTIFICATE## with the X.509 Certificate noted above.
- Set-MsolDomainAuthentication -Authentication Federated -DomainName "##DOMAIN NAME##" -IssuerUri "##IDP ENTITY ID##" -LogOffUri "##LOGOUT URL##" -PassiveLogOnUri "##LOGIN URL##" -SigningCertificate "##CERTIFICATE##" -PreferredAuthenticationProtocol SAMLP
- Note: You cannot federate your default "onmicrosoft.com" domain. To federate your Office 365 tenant, you must add a custom domain to Office 365.
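The same federation step driven from the IdP's SAML metadata file rather than hand-copied values, as an added PowerShell example that is not part of the original page or of the miniOrange product. It assumes the MSOnline module is installed and Connect-MsolService has already run; the domain name and metadata path are placeholders you supply.

```powershell
# Added example, not part of the miniOrange page or product. Assumptions: the MSOnline
# module is installed and Connect-MsolService has already been run; $MetadataPath is
# the IdP SAML metadata XML downloaded from the miniOrange "Metadata" link; $DomainName
# is the custom (non-default) domain to federate. Both values are placeholders you supply.
param(
    [Parameter(Mandatory)] [string] $DomainName,    # e.g. "sso.example.com" (placeholder)
    [Parameter(Mandatory)] [string] $MetadataPath   # e.g. ".\idp-metadata.xml" (placeholder)
)

[xml]$md = Get-Content -Path $MetadataPath -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

function Get-RequiredNode([System.Xml.XmlNode] $Parent, [string] $XPath) {
    $node = $Parent.SelectSingleNode($XPath, $ns)
    if (-not $node) { throw "Metadata is missing $XPath" }
    return $node
}

# The values Step 2 told you to note down, read from the metadata instead of retyped
$entityId = (Get-RequiredNode $md '/md:EntityDescriptor').GetAttribute('entityID')
$idpSso   = Get-RequiredNode $md '//md:IDPSSODescriptor'
# Prefer the HTTP-Redirect endpoint for the passive sign-in URL, fall back to the first one listed
$ssoNode  = $idpSso.SelectSingleNode("md:SingleSignOnService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']", $ns)
if (-not $ssoNode) { $ssoNode = Get-RequiredNode $idpSso 'md:SingleSignOnService[1]' }
$loginUrl  = $ssoNode.GetAttribute('Location')
$logoutUrl = (Get-RequiredNode $idpSso 'md:SingleLogoutService[1]').GetAttribute('Location')
# Signing cert as bare base64 (no PEM header, no line breaks), which is what the cmdlet expects
$certNode = Get-RequiredNode $idpSso "md:KeyDescriptor[@use='signing']//ds:X509Certificate"
$cert     = $certNode.InnerText -replace '\s', ''

# Guard from the page's note: the tenant's default domain cannot be federated
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.IsDefault) { throw "$DomainName is the tenant's default domain and cannot be federated" }

Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Federated `
    -IssuerUri $entityId -PassiveLogOnUri $loginUrl -LogOffUri $logoutUrl `
    -SigningCertificate $cert -PreferredAuthenticationProtocol SAMLP

# Read back what the tenant stored so a wrong issuer or certificate is caught before users test login
Get-MsolDomainFederationSettings -DomainName $DomainName |
    Select-Object IssuerUri, PassiveLogOnUri, LogOffUri, PreferredAuthenticationProtocol
```

Compare the read-back IssuerUri with the Entity ID shown on the miniOrange Metadata page; any mismatch there is the usual reason a federated sign-in is rejected.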
Step 4: Add External Sharepoint App in the end user dashboard
1. Login to the Admin Dashboard; from the sidebar, select Apps. Click on Configure Apps.
2. Click on the External/JWT/PwdLess category. From the two options, select External App (as shown in the image).
3. Enter the required information on the configuration page (as shown in the image below). Add the following External URL:
Check the Show PasswordLess App option.
4. Click on Save.
Step 5: Login with LDAP Credentials
1. Navigate to the Branded
2. Enter the following credentials like User Name
3. User gets created with the Username of miniOrange and email of Gmail account.
4. The links to the Office 365 and SharePoint apps appear on screen.
5. Click on these in order to log in to Office 365 and SharePoint respectively.