lemonldap-ng/doc/sources/admin/applications/office365.rst
2020-06-01 16:22:25 +02:00


Office 365
==========

|image0|

Presentation
------------

`Office 365 <https://en.wikipedia.org/wiki/Office_365>`__ provides
online access to Microsoft products like Office, Outlook or Yammer.
Authentication is done on https://login.microsoftonline.com/ and can be
forwarded to a SAML Identity Provider.

Configuration
-------------

.. _office-365-1:

Office 365
~~~~~~~~~~

You first need to install AzureAD PowerShell to be able to run
administrative commands.

Then run this script:

.. code-block:: powershell

   $dom = "mycompany.com"
   $brand = "My Company"
   $url = "https://auth.example.com/saml/singleSignOn"
   $uri = "https://auth.example.com/saml/metadata"
   $logouturl = "https://auth.example.com/?logout=1"
   # base64 of the IdP signing certificate (placeholder value)
   $cert = "xxxxxxxxxxxxxxxxxxx"
   Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $brand -Authentication Federated -PassiveLogOnUri $url -SigningCertificate $cert -IssuerUri $uri -LogOffUri $logouturl -PreferredAuthenticationProtocol SAMLP

Where parameters are:

- dom: Your Office 365 domain
- brand: Simple label
- url: The SAML SSO endpoint
- uri: The SAML metadata endpoint
- logouturl: Logout URL
- cert: The SAML signing certificate, which carries the public key used to verify the IdP's signatures

If you have several Office 365 domains, you can't use the same URLs for
each domain. To be able to have a single SAML IdP for several domains,
you must add a 'domain' GET parameter at the end of the SSO endpoint and
metadata URLs, for example:

- domain 'mycompany.com':

  - url: https://auth.example.com/saml/singleSignOn?domain=mycompany
  - uri: https://auth.example.com/saml/metadata?domain=mycompany

- domain 'myfirm.com':

  - url: https://auth.example.com/saml/singleSignOn?domain=myfirm
  - uri: https://auth.example.com/saml/metadata?domain=myfirm

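As an added example (not part of the LemonLDAP::NG documentation), the following PowerShell script applies the multi-domain convention above to several domains in one run, loads the signing certificate from a file instead of pasting its base64, and reads the federation settings back to confirm each domain ends up with its own IssuerUri. The IdP host, the domain names and the certificate path are assumptions.

```powershell
# Added example, not from the LemonLDAP::NG docs: federate several Office 365
# domains against one LemonLDAP::NG SAML IdP using the ?domain= convention.
# The IdP host, domain names and certificate path below are assumptions.
Connect-MsolService   # prompts for a tenant administrator account

$idp = "https://auth.example.com"
$domains = @{
    "mycompany.com" = @{ Brand = "My Company"; Tag = "mycompany" }
    "myfirm.com"    = @{ Brand = "My Firm";    Tag = "myfirm" }
}

# -SigningCertificate expects the base64 DER of the IdP signing certificate
# (no PEM header/footer lines). Export it from the LemonLDAP::NG SAML
# service configuration to a .cer file first (path is an assumption).
$x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\idp\saml-signing.cer")
$cert = [Convert]::ToBase64String($x509.GetRawCertData())
Write-Host "Using signing certificate $($x509.Subject), expires $($x509.NotAfter)"

foreach ($dom in $domains.Keys) {
    $tag   = $domains[$dom].Tag
    $brand = $domains[$dom].Brand
    # Per-domain endpoints: same IdP, distinct URLs thanks to the domain tag
    $url       = "$idp/saml/singleSignOn?domain=$tag"
    $uri       = "$idp/saml/metadata?domain=$tag"
    $logouturl = "$idp/?logout=1"

    Set-MsolDomainAuthentication -DomainName $dom `
        -FederationBrandName $brand `
        -Authentication Federated `
        -PassiveLogOnUri $url `
        -SigningCertificate $cert `
        -IssuerUri $uri `
        -LogOffUri $logouturl `
        -PreferredAuthenticationProtocol SAMLP

    # Read the settings back: a duplicated IssuerUri across domains is the
    # misconfiguration the ?domain= convention exists to avoid.
    $fed = Get-MsolDomainFederationSettings -DomainName $dom
    if ($fed.IssuerUri -ne $uri) {
        Write-Warning "IssuerUri for $dom is '$($fed.IssuerUri)', expected '$uri'"
    } else {
        Write-Host "$dom federated, issuer $($fed.IssuerUri)"
    }
}
```

Run it from an elevated PowerShell session with the MSOnline cmdlets available; each domain's LemonLDAP::NG Service Provider must then be configured with the matching per-domain metadata.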
LemonLDAP::NG
~~~~~~~~~~~~~

Create a new SAML Service Provider and import Microsoft metadata from
https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml

Set the NameID value to persistent, or any immutable value for the user.

Create a SAML attribute named IDPEmail which contains the user principal
name (UPN).

.. |image0| image:: /applications/logo_office_365.png
   :class: align-center