Single Sign ON for Office 365/Sharepoint

Office 365 is a suite of applications which consists office applications as well as cloud related services that are enabled over internet. Office 365 business plans include services like web conferencing and email services for business. Sharepoint is a web-based collaborative platform which is integrated in office 365 suite. It is a platform for various programs. It is a backend system that ties your employee PCs and mobile devices together, allowing them to interact and synchronize their efforts. Sharepoint allows the employees for enterprise users to save their documents and access them centrally for better business.

Our Solution

miniOrange provides Single Sign On (SSO) to any type of applications whether they are in the cloud or on-premise. With Single Sign-On, Office 365 can put its existing trusted IdP in charge of the authentication process. Active directory is configured as identity source within miniOrange, which is set as default identity source. Due to this authentication will happen against active directory credentials and appropriate user attributes such as immutable id will be fetched upon successful authentication against Active Directory credentials. After configuring the identity source, users present in Active Directory can login into the end user dashboard through their Active Directory credentials. In case user does not exist within miniOrange, the user is created on the fly and configured directory attributes are fetched and stored in the user profile.

Advantages of Single Sign On solution:

• User can login using single credentials, no need to remember different user names and passwords.
• User is created on the fly so no need to manually create user in miniOrange.
• Users can configure 2 Factor Authentication as part of the sign-on process. miniOrange supports 15+ two factor authentication methods.

Login flow for Sharepoint

Steps to set up Single Sign On for Sharepoint

• Setup Branding.
  
  This functionality works only in case customer branding is set, so, you need to setup own branded URL.
  
• Adding LDAP Identity Source in miniOrange.
  
  1. Navigate to Identity Sources in the miniOrange admin console. Select type as LDAP.
  2. Set the following configuration:
  
  

  
  
  

  Note: Save the service account password.

    The Activate LDAP and Sync users in miniOrange options are to be selected in order to support User creation on the fly.
  3. Click on Save.
• Add Office 365 Application in miniOrange.
  
  1. Navigate to Apps->Manage apps in the miniOrange admin console.
  2. Select Office 365 as a SAML App.
  3. Use the following configuration:
    SP Entity ID: https://login.microsoftonline.com/login.srf
    ACS URL: https://login.microsoftonline.com/login.srf
    Name ID: Username
    Add a custom attribute IDPEmail
  
  

  
  
  

  4. Click on Save.
• Configure Office 365 for federation with miniOrange as IdP.
  
  Using the Metadata of the above added app, run the following commands:
  
  Set-MsolDomainAuthentication -Standard -DomainName "##DOMAIN NAME##"
  Set-MsolDomainAuthentication -Authentication Federated -DomainName "##DOMAIN_NAME##"-IssuerUri "##IDP_ENTITY_ID##" -LogOffUri " ##LOGOUT_URI##" -PassiveLogOnUri "##SSO_URI##" -SigningCertificate "##CERT##" -PreferredAuthenticationProtocol SAMLP
  
  Replace the appropriate values for IDP Entity ID, SLO URL, SSO URL and Certificate.
• Add External URL for Sharepoint App in the end user dashboard.
  
  1. Navigate to Apps->Manage Apps. Click on Configure Apps.
  2. Select Create your own app->External App.
  3. Add the following external URL:
    https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr="##DOMAIN_NAME##"&wreply="##url"
  4. Check the following option:
  
  

  
  
  

  5. Click on Save.
• Login with LDAP Credentials
  
  1. Navigate to the branded login page.
  2. Enter the following credentials like user name and password.
  3. User gets created with the username of miniOrange and email of gmail account.
  4. The links to Office 365 and Sharepoint app appears on screen.
  5. Click on these in order to get logged in into Office 365 and Sharepoint respectively.

Business trial for free

If you don't find what you are looking for, please contact us at info@miniorange.com or call us at +1 978 658 9387 to find an answer to your question about Share Point Single Sign On (SSO).