
HOW TO CONFIGURE OCTOPUS AUTHENTICATOR FOR MICROSOFT OFFICE365

This page shows you how to add multifactor authentication to Microsoft Office365 using the Octopus Authenticator, giving you more control and security over how users log in to your network.

  • Log in to the Octopus Authenticator Console
  • Select Services from the left pane
  • Select Add Service
  • Click the Microsoft Office365 service template

 


Tab 1 – General Information

The following fields and values are displayed:

| Field name | Field value |
| --- | --- |
| Service name | Microsoft Office365 (default) |
| Issuer | Microsoft (default) |
| Description | |
| Service status | Enable (default) |
| Display icon | |
| Login page URL | https://<Enterprise Base URL>/google-saml/<No.>/login |

Note: Secret Double Octopus recommends leaving the default field values as is.

 


Tab 2 – Parameters    

The following fields and values are displayed:

| Field name | Field value |
| --- | --- |
| Login | email |
| Office 365 email | email |
| NameID | |
| Office 365 domain | Domain name |
| + Add additional parameter | Do not add any parameters |

 


Tab 3 – Sign On

The following fields and values are displayed:

| Field name | Field value |
| --- | --- |
| Multi Factor Authentication (MFA) | Off (default) |
| Sign-on Method | SAML 2.0 |
| X.509 Certificate | |
| SAML signature algorithm | SHA-1 (default) |
| Single Sign On (SSO) | Off (default) |
| Issuer URL | https://<Enterprise base URL> |
| SAML 2.0 Endpoint (HTTP) | https://<Enterprise base URL>/google-saml/login |
| Custom message | |

Note: Secret Double Octopus recommends leaving the default field values as displayed.

 


Step 4 – Users

To configure the users of the service:

  • Select users from either “Local Users” or “LDAP Users” lists
  • You can select either:
    • A group of users to import, by clicking on the dot next to one of the folders
    • An individual user to import, by clicking on the dot next to that user

The corresponding dot will then be colored blue. When you select only some of the users in the group, the dot adjacent to the group will be colored partially.

After you click SAVE SETTINGS, the selected users will be enrolled in the service.

  • Click SAVE SETTINGS

 


Set up SSO for Microsoft Office 365 using the Octopus Authenticator Identity Provider

 

  1. Add a new domain to your Office365 production account
  2. Log in to your Microsoft Windows Azure AD Module for Windows PowerShell:
    • Connect-MsolService

 

Note: Steps 3-5 are required only if your domain is already federated.

  3. To switch the new domain back from federated to managed, enter:
    • Set-MsolDomainAuthentication -DomainName <Office365 domain name> -Authentication Managed
  4. Set the following variables:
    • $dom = "<Office365 domain name>"
    • $fedBrandName = "<Organization name>"
    • $url = "<Secret Double Octopus SAML 2.0 Endpoint URL>"
    • $uri = "<Secret Double Octopus Office365 Service Issuer URL>"
    • $logoutUrl = "<Secret Double Octopus SAML 2.0 Endpoint URL>"
    • $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("<C:/xxx.crt>")

Note: To retrieve the X.509 certificate file, please refer to Secret Double Octopus Office365 X.509 Certificate and download the .crt file.

    • $certData = [system.convert]::tobase64string($cert.rawdata)

  5. To check the newly set variables, enter:
    • Get-Variable dom,fedBrandName,url,uri,logoutUrl,cert,certData | fl Name,Value
  6. To switch the new domain from managed to federated, enter:
    • Set-MsolDomainAuthentication -DomainName $dom -Authentication Federated -FederationBrandName $fedBrandName -PassiveLogOnUri $url -IssuerUri $uri -LogOffUri $logoutUrl -PreferredAuthenticationProtocol SAMLP -SigningCertificate $certData
  7. Verify the new settings:
    • Get-MsolDomainFederationSettings -DomainName $dom | fl
  8. To retrieve the ImmutableID of the users, enter:
    • Get-MsolUser -All | Select-Object UserPrincipalName,ImmutableID

 

Important note:
For each user you want to use with the Secret Double Octopus Office365 service, enter the user's ImmutableID value in a custom field (e.g. custom1, custom2 or custom3, according to the service setting).
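
The Get-MsolDomainFederationSettings verification step above can be checked mechanically instead of by eye. The following PowerShell is an added example, not part of the original page or Secret Double Octopus's own tooling: it compares the stored federation settings with the intended values and flags a non-HTTPS endpoint, a signing certificate that differs by thumbprint, or one that is expired or close to expiry. The function name Test-FederationSettings, the idp.example.test URLs and the self-signed certificate are assumptions constructed for the demonstration.

```powershell
# Added example. Test-FederationSettings is a hypothetical helper, not an MSOnline cmdlet.
function Test-FederationSettings {
    param([Parameter(Mandatory)] $Actual,               # Get-MsolDomainFederationSettings output
          [Parameter(Mandatory)] [hashtable] $Expected, # values you intended to set
          [int] $WarnDays = 30)
    $findings = @()
    foreach ($name in 'PassiveLogOnUri', 'IssuerUri', 'LogOffUri') {
        if ("$($Actual.$name)" -cne "$($Expected[$name])") {
            $findings += "$name is '$($Actual.$name)', expected '$($Expected[$name])'"
        }
    }
    if ("$($Actual.PreferredAuthenticationProtocol)" -ne 'SAMLP') {
        $findings += "PreferredAuthenticationProtocol is '$($Actual.PreferredAuthenticationProtocol)', expected SAMLP"
    }
    # Sign-in and sign-out endpoints must be absolute https URLs.
    foreach ($name in 'PassiveLogOnUri', 'LogOffUri') {
        $u = $null
        $ok = [uri]::TryCreate("$($Actual.$name)", [System.UriKind]::Absolute, [ref]$u)
        if (-not ($ok -and $u.Scheme -eq 'https')) { $findings += "$name is not an absolute https URL" }
    }
    # Decode the stored certificate and compare it to the intended one by thumbprint.
    try {
        $raw = [Convert]::FromBase64String($Actual.SigningCertificate)
        $stored = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
    } catch { return $findings + 'SigningCertificate is not a parseable certificate' }
    if ($stored.Thumbprint -ne $Expected.Thumbprint) {
        $findings += "SigningCertificate thumbprint is $($stored.Thumbprint), expected $($Expected.Thumbprint)"
    }
    $now = Get-Date
    if ($now -lt $stored.NotBefore -or $now -gt $stored.NotAfter) {
        $findings += "SigningCertificate is outside its validity period (ends $($stored.NotAfter))"
    } elseif ($stored.NotAfter -lt $now.AddDays($WarnDays)) {
        $findings += "SigningCertificate expires within $WarnDays days ($($stored.NotAfter))"
    }
    return $findings
}

# Constructed sample data (needs .NET Framework 4.7.2+ or PowerShell 7) so the check runs offline.
$rsa    = [System.Security.Cryptography.RSA]::Create(2048)
$sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
$req    = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=constructed-idp', $rsa, $sha256, $pkcs1)
$cert   = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(10))
$expected = @{ PassiveLogOnUri = 'https://idp.example.test/saml/login'; IssuerUri = 'https://idp.example.test'
               LogOffUri = 'https://idp.example.test/saml/login'; Thumbprint = $cert.Thumbprint }
$actual = [pscustomobject]@{ PassiveLogOnUri = 'http://idp.example.test/saml/login'; IssuerUri = 'https://idp.example.test'
               LogOffUri = 'https://idp.example.test/saml/login'; PreferredAuthenticationProtocol = 'Samlp'
               SigningCertificate = [Convert]::ToBase64String($cert.RawData) }
Test-FederationSettings -Actual $actual -Expected $expected | ForEach-Object { Write-Warning $_ }
```

Against a live tenant, pass the output of Get-MsolDomainFederationSettings -DomainName $dom as -Actual and build -Expected from $url, $uri, $logoutUrl and $cert.Thumbprint.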

 

 

Note: To learn more about Office365 configuration, please refer to the "Enable Exchange Online for modern authentication" web page.