Enabling Office 365 Federation

Follow these steps to enable Office 365 federation:

  1. Open PowerShell with Run as Administrator. If you have not installed PowerShell, see Installing PowerShell and Azure AD.
  2. Run the following command to connect to Microsoft Office Online Service:

    PS C:\Users\Administrator> Connect-MsolService
    
  3. You will be prompted for Office 365 global admin credentials. Enter them to establish the connection.

    Fig 1: Establish MsolConnection
  4. In PowerShell, check the current domain names in your Office 365 tenant with the following command:

    PS C:\Users\Administrator> Get-MsolDomain
    
    Fig 2: Output from Get-MsolDomain Command
  5. Declare the parameters to be used for federated authentication (here for the example domain saleallplanet.com) with the following commands:

    PS C:\Users\Administrator> $domainname = "saleallplanet.com"
    PS C:\Users\Administrator> $logoffuri = "https://cloud.v-key.com/sso/o365/sign-out"
    PS C:\Users\Administrator> $passivelogonuri = "https://cloud.v-key.com/sso/o365/sign-in"
    PS C:\Users\Administrator> $cert = "---CERTIFICATE CONTENT---"
    PS C:\Users\Administrator> $issueruri = "https://cloud.v-key.com/sso/o365/metadata"
    PS C:\Users\Administrator> $protocol = "SAMLP"
    
  6. Switch that domain name to use Federated Authentication with the following command:

    PS C:\Users\Administrator> Set-MsolDomainAuthentication -DomainName $domainname -FederationBrandName $domainname -Authentication Federated -IssuerUri $issueruri -LogOffUri $logoffuri -PassiveLogOnUri $passivelogonuri -SigningCertificate $cert -PreferredAuthenticationProtocol $protocol
    
  7. Check the domain names in your Office 365 tenant again after switching to federated authentication with the following command:

    PS C:\Users\Administrator> Get-MsolDomain
    
  8. The output should show the domain being federated as follows:

    Fig 3: List Domains after Federation
  9. In the Azure AD portal, you can verify the same information.

    Fig 4: List Domains on Azure

    Note: User accounts cannot be created manually in a federated domain in the Office 365/Azure AD portal. Users in a federated domain in Office 365/Azure AD can only be created by synchronization from on-premises infrastructure.

  10. After federation succeeds, go to www.office.com in your browser.

  11. Select the Sign in button at the upper-right corner of the page.
  12. Enter your email address on the Sign in page and select Next.

    Fig 5: Office 365 Sign in Page
  13. If you are redirected to VCAG's Login page, your federation is successful. Otherwise, double-check your federation parameters.

    Fig 6: VCAG Login Page
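
The checks in steps 7 to 9 only show that the domain is listed as Federated. As an added example (not part of the vendor's procedure; the function names are hypothetical), the following compares the settings the tenant actually stores with the values declared in step 5, including the signing certificate's thumbprint and expiry. It assumes the MSOnline cmdlet `Get-MsolDomainFederationSettings` for the live check and .NET Framework 4.7.2 or later for the constructed offline sample.

```powershell
# Added example, not vendor code; function names are hypothetical.
function ConvertTo-X509 ([string]$Base64) {
    # Accept bare base64 or PEM text pasted from a file
    $clean = $Base64 -replace '-----(BEGIN|END) CERTIFICATE-----|\s', ''
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($clean))
}

function Test-FederationSettings {
    param([Parameter(Mandatory)] $Actual,                # object from Get-MsolDomainFederationSettings
          [Parameter(Mandatory)] [hashtable] $Expected)  # values declared in step 5
    $problems = @()
    foreach ($name in 'IssuerUri', 'PassiveLogOnUri', 'LogOffUri') {
        if ($Actual.$name -cne $Expected[$name]) {       # -cne: case-sensitive comparison
            $problems += "$name is '$($Actual.$name)', expected '$($Expected[$name])'"
        }
    }
    foreach ($name in 'PassiveLogOnUri', 'LogOffUri') {
        $uri = $null
        $ok = [Uri]::TryCreate([string]$Actual.$name, [UriKind]::Absolute, [ref]$uri)
        if (-not $ok -or $uri.Scheme -ne 'https') { $problems += "$name is not an absolute https URL" }
    }
    try {
        $have = ConvertTo-X509 $Actual.SigningCertificate
        $want = ConvertTo-X509 $Expected.SigningCertificate
        if ($have.Thumbprint -ne $want.Thumbprint) {
            $problems += "Signing certificate $($have.Thumbprint) is not the expected $($want.Thumbprint)"
        }
        if ($have.NotAfter -lt (Get-Date)) { $problems += "Signing certificate expired on $($have.NotAfter)" }
    } catch { $problems += "Signing certificate could not be parsed: $($_.Exception.Message)" }
    $problems
}

# Constructed offline sample: a throwaway self-signed certificate and a drifted sign-in URL
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=constructed-idp', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$b64 = [Convert]::ToBase64String($req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30)).RawData)
$expected = @{
    IssuerUri          = 'https://cloud.v-key.com/sso/o365/metadata'
    PassiveLogOnUri    = 'https://cloud.v-key.com/sso/o365/sign-in'
    LogOffUri          = 'https://cloud.v-key.com/sso/o365/sign-out'
    SigningCertificate = $b64
}
$actual = [pscustomobject]$expected
$actual.PassiveLogOnUri = 'http://idp.example.test/sign-in'   # constructed drift: other host, plain http
Test-FederationSettings -Actual $actual -Expected $expected
# Against the tenant after step 6, with $expected built from the step 5 variables:
#   Test-FederationSettings -Actual (Get-MsolDomainFederationSettings -DomainName $domainname) -Expected $expected
```

An empty result means the stored settings match what was declared. Re-running the live check on a schedule surfaces later changes to the federation trust.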