The following steps describe the process of configuring single sign-on (SSO) from Assertiv to Azure or Office 365.
Assertiv Configuration
- Log into your Assertiv tenancy at <your organization>.assertiv.com as an administrator.
- Click on the navigation menu at the top left and select Applications.
- Click + in the top right of the Application List toolbar to create a new application.
- Click on the Azure tile.
- Give your Azure service a suitable name.
- In the first expander panel, toggle Enable Single Sign-on.
- Under Signing Certificate, select -- Generate New Signing Certificate --.
- Click the Save button—the page should reload with the heading Edit Application.
- Copy the PowerShell commands from the first expander panel on your Azure application page.
Azure Configuration
Follow these instructions for configuring Azure for SSO.
- Open a PowerShell terminal as administrator.
- Paste the PowerShell commands that you copied in step 9 into your PowerShell terminal.
- Install the MSOnline PowerShell module, if you haven’t already done so.
- Run Connect-MsolService, and log in with the credentials of an admin user.
- Create a variable in PowerShell equal to your domain name; e.g.
$dom = "mydomain.com"
- (Conditional) If you have already configured and verified your domain in Azure, then run the following PowerShell command:
Set-MsolDomainAuthentication -domain $dom `
-FederationBrandName $BrandName `
-Authentication Federated `
-PassiveLogOnUri $PassiveLogOnUrl `
-SigningCertificate $SigningCert `
-IssuerUri $IssuerURI `
-ActiveLogOnUri $LogOnUrl `
-LogOffUri $LogOffUrl `
-PreferredAuthenticationProtocol $Protocol
Note: If the above command is not pasting correctly to your PowerShell terminal, try the following:
Set-MsolDomainAuthentication -domain $dom -FederationBrandName $BrandName -Authentication Federated -PassiveLogOnUri $PassiveLogOnUrl -SigningCertificate $SigningCert -IssuerUri $IssuerURI -ActiveLogOnUri $LogOnUrl -LogOffUri $LogOffUrl -PreferredAuthenticationProtocol $Protocol
- (Conditional) If you have not already configured and verified your domain in Azure, then perform the following steps:
Run these two PowerShell commands:
New-MsolDomain `
-Name $dom `
-Authentication Federated
Get-MsolDomainVerificationDns `
-DomainName $dom `
-Mode DnsTxtRecord
Note: If the above commands are not pasting correctly to your PowerShell terminal, try the following:
New-MsolDomain -Name $dom -Authentication Federated
Get-MsolDomainVerificationDns -DomainName $dom -Mode DnsTxtRecord
- Copy the value in the Text field in the output from the second command.
- Log into the domain registration service where you registered your domain.
- Edit the DNS values for the domain (process varies from one registration service to the next), and update the TXT record for the host @. Use the Text value from step 16.c, and a value of 3600 (60 minutes) for Ttl.
- Run the following PowerShell command:
Confirm-MsolDomain `
-DomainName $dom `
-IssuerUri $IssuerURI `
-FederationBrandName $BrandName `
-LogOffUri $LogOffUrl `
-PassiveLogOnUri $PassiveLogOnUrl `
-ActiveLogOnUri $LogOnUrl `
-SigningCertificate $SigningCert `
-PreferredAuthenticationProtocol $Protocol
Note: If the above command does not paste correctly to your PowerShell terminal, try the following:
Confirm-MsolDomain -DomainName $dom -IssuerUri $IssuerURI -FederationBrandName $BrandName -LogOffUri $LogOffUrl -PassiveLogOnUri $PassiveLogOnUrl -ActiveLogOnUri $LogOnUrl -SigningCertificate $SigningCert -PreferredAuthenticationProtocol $Protocol
- Provision or synchronize users from Assertiv to Azure.
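
To check the result of the Azure configuration steps above, the following added example (not part of the Assertiv instructions) compares what Azure stored for the domain with the variables pasted from Assertiv, and reports when the signing certificate is close to expiry. It assumes the same PowerShell session after Connect-MsolService, and that $SigningCert holds the Base64-encoded certificate; the function name Test-AssertivFederation and the 30-day warning window are hypothetical choices.

```powershell
# Added example. Run in the session used for the steps above, after
# Connect-MsolService. Test-AssertivFederation is a hypothetical helper name.
function Test-AssertivFederation {
    param(
        [Parameter(Mandatory)] [string]    $DomainName,
        [Parameter(Mandatory)] [hashtable] $Expected,     # URIs, brand name, protocol from Assertiv
        [Parameter(Mandatory)] [string]    $ExpectedCert, # assumed: Base64-encoded certificate
        [int] $WarnDays = 30
    )
    $problems = @()

    # The domain must be verified and switched to federated authentication.
    $domain = Get-MsolDomain -DomainName $DomainName
    if ($domain.Status -ne 'Verified') { $problems += "Domain status is '$($domain.Status)'" }
    if ($domain.Authentication -ne 'Federated') { $problems += "Authentication is '$($domain.Authentication)'" }
    if ($problems) { return $problems }   # no federation settings to compare yet

    # Each stored setting must match the value pasted from Assertiv.
    $actual = Get-MsolDomainFederationSettings -DomainName $DomainName
    foreach ($name in $Expected.Keys) {
        if ("$($actual.$name)" -ne "$($Expected[$name])") {
            $problems += "$name is '$($actual.$name)', expected '$($Expected[$name])'"
        }
    }

    # Compare certificates by thumbprint, so differences in Base64 line
    # wrapping do not matter, and flag a certificate that is close to expiry.
    $toCert = { param($b64) [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($b64)) }
    $stored = & $toCert $actual.SigningCertificate
    $wanted = & $toCert $ExpectedCert
    if ($stored.Thumbprint -ne $wanted.Thumbprint) {
        $problems += "Signing certificate thumbprint $($stored.Thumbprint) does not match Assertiv's $($wanted.Thumbprint)"
    }
    if ($stored.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
        $problems += "Signing certificate expires $($stored.NotAfter.ToString('u'))"
    }
    return $problems
}

$expected = @{
    IssuerUri = $IssuerURI; FederationBrandName = $BrandName
    PassiveLogOnUri = $PassiveLogOnUrl; ActiveLogOnUri = $LogOnUrl
    LogOffUri = $LogOffUrl; PreferredAuthenticationProtocol = $Protocol
}
$issues = Test-AssertivFederation -DomainName $dom -Expected $expected -ExpectedCert $SigningCert
if ($issues) { $issues | ForEach-Object { Write-Warning $_ } } else { 'Federation settings match the Assertiv values.' }
```

An empty result means the domain is verified, federated, and carries the same endpoints and signing certificate that were pasted from Assertiv.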
Configure Roles
For your users to access Office 365 from their Assertiv apps page, you must set up a role, assign users to the role, and give that role permission to access Office 365.
More details on roles can be found in the following articles: