
SSO with Microsoft 365 – Alternative Manual Service Provider Set Up Method

If you need a more advanced configuration when you set up Single Sign On (SSO) for Microsoft 365 in JumpCloud, you can use the commands provided in this article with the Microsoft Graph PowerShell SDK.

Note:

Make sure modern authentication is enabled for the Microsoft 365 Tenant. Learn more in Enable Modern Authentication for Microsoft 365.

Running the command

  1. Run PowerShell as an administrator and install the Microsoft.Graph Module for Windows PowerShell, if it is not already installed:
    • Run Install-Module PowerShellGet
    • Answer Y to install the NuGet Provider.
    • Answer A (Yes to All) to install from PSGallery.
    • Run Install-Module Microsoft.Graph
  2. Modify the PowerShell execution policy:
    • Set the Execution Policy to Remote Signed by running Set-ExecutionPolicy RemoteSigned
    • Answer A to confirm the change to the Execution Policy.
    • Enter your M365 Global Administrator credentials.
  3. Connect to the Microsoft Graph with the required scopes:

Connect-MGGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All", "Organization.ReadWrite.All", "Directory.ReadWrite.All"

Tip:

For more information - see  

  1. Define your Microsoft 365 Domain:

$domain="yourdomain.tld"

  1. Define the IDP URL. This is the same value as the IDP URL in the connector; the default value is shown:

$idpUrl="https://sso.jumpcloud.com/saml2/office365"

  1. Define the SSO metadata URI:
    • Log in to the
    • Navigate to the SSO Applications tab
    • Find and select Microsoft 365
    • Select the SSO tab and click Copy Metadata URL
    • Return to your PowerShell window
    • $metadataUri = "https://sso.jumpcloud.com/saml2/metadata/..."
  2. Define the logout URL:

$logoutUrl="https://console.jumpcloud.com/userconsole/"

  1. Define the public cert:

Important:

This variable can't contain -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and can't contain spaces or newlines.

Note:

Export the metadata file from your JumpCloud SSO configuration and copy the certificate string between <ds:X509Certificate> and </ds:X509Certificate>.

$certificate="MIIDtTCCAp2gAwIBAgIJAJUpvv+YllN1MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAlVTMRMwEQY…TRUNCATED…wcsC1lArmug//RG+BPp6yT6qhsm4g4wVcxpHWT8cA1py0TQaIQbNnBqNLDbQJl9oJ3PB9eiKEpEWtdtmcQOW3yB1AdxsQBKxtaNT5PypyLqnJ+e8="

  1. Define the Issuer URI. This must be the same value as the IdP Entity ID previously defined in the JumpCloud SSO configuration:

$issuerUri="https://YOUR_DOMAIN.com"

  1. Enable SSO for the defined domain:

New-MgDomainFederationConfiguration -DomainId $domain -DisplayName "JumpCloud" -MetadataExchangeUri $metadataUri -IssuerUri $issuerUri -SignOutUri $logoutUrl -PassiveSignInUri $idpUrl -ActiveSignInUri $idpUrl -SigningCertificate $certificate -PreferredAuthenticationProtocol saml -FederatedIdpMfaBehavior "acceptIfMfaDoneByFederatedIdp" | Format-List

  1. Disconnect from the Graph connection:

Disconnect-MGGraph

Now that you've configured the service provider, read SSO with Microsoft 365/Entra ID to learn how to authorize user access and validate authentication workflows.

Troubleshooting

I am getting an issuerUri error.

Check the IdP Entity ID value in JumpCloud against the value entered in the $issuerUri command. It must match exactly and be in a "https://domain.com" or "urn:uri:domain.com" format.
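
The certificate formatting rule and the Issuer URI match described above can be checked before running New-MgDomainFederationConfiguration. This is an added example, not code from the original article or from the Microsoft Graph SDK. The helper name Get-SamlFederationValue, the sample metadata and its placeholder certificate are constructed for illustration.

```powershell
# Added example. Get-SamlFederationValue is a hypothetical helper, not part of Microsoft.Graph.
function Get-SamlFederationValue {
    param(
        [Parameter(Mandatory)][string]$MetadataXml,
        [Parameter(Mandatory)][string]$ExpectedIssuerUri
    )
    $doc = [xml]$MetadataXml
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
    $entity = $doc.SelectSingleNode('/md:EntityDescriptor', $ns)
    $certNode = $doc.SelectSingleNode('//md:IDPSSODescriptor//ds:X509Certificate', $ns)
    if (-not $entity -or -not $certNode) {
        throw 'Metadata lacks an EntityDescriptor or an IdP X509Certificate element.'
    }
    # Strip PEM armor and every whitespace character, as $certificate requires.
    $b64 = $certNode.InnerText -replace '-----(BEGIN|END) CERTIFICATE-----', '' -replace '\s', ''
    [byte[]]$der = [Convert]::FromBase64String($b64)   # throws if the text is not clean base64
    $notAfter = $null
    try {
        $notAfter = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der).NotAfter
    } catch {
        Write-Warning 'Value is base64 but not a parsable X.509 certificate.'
    }
    $entityId = $entity.GetAttribute('entityID')
    [pscustomobject]@{
        Certificate   = $b64
        IssuerUri     = $entityId
        # Ordinal, case-sensitive comparison: the two values must match exactly.
        IssuerMatches = [string]::Equals($entityId, $ExpectedIssuerUri, [StringComparison]::Ordinal)
        NotAfter      = $notAfter
    }
}

# Constructed sample metadata; the certificate text is a placeholder, not a real certificate.
$sampleMetadata = @'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://YOUR_DOMAIN.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      TUlJQ2NvbnN0cnVjdGVk
      UGxhY2Vob2xkZXI=
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
'@

$values = Get-SamlFederationValue -MetadataXml $sampleMetadata -ExpectedIssuerUri 'https://YOUR_DOMAIN.com'
$values | Format-List
if ($values.IssuerMatches) { $certificate = $values.Certificate; $issuerUri = $values.IssuerUri }
```

With real exported metadata, pass the file contents (for example from Get-Content -Raw) as -MetadataXml; a populated NotAfter confirms the string decodes to a certificate and shows when it expires.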
