Office 365 SSO – A Step-by-Step setup guide
This article is still in progress, please check back for more content shortly
Office 365 SSO has long been a pipe dream of many companies but historically has always been either too difficult or too expensive to implement. Not any more, as Microsoft have now made this avaialble to all customer for free, see here. Let’s look at how we can easily achieve this.
This article is for you if
- You are wanting to setup Office 365 SSO but aren’t sure exactly how to do this
- Your users want to use Office 365 SSO
- You are frustrated at having to login to Office 365 each time you want to check your emails
- You plan to move users data to OneDrive and want do this automatically via Group Policy
- You plan to move on premise central file shares to SharePoint and want to re-map these automatically for users via Group Policy
- You are moving to Office 365 from another cloud service provider and need a good tutorial on how to get the best from seamless single sign on
- You want to learn how to configure Azure AD Connect for Office 365 SSO
- Your manager has asked you to setup Office 365 SSO but you don’t want to look incompetent and say you don’t know how
Once configured your users machines should work as demoed in the video below.
Configure your users UPN Suffixes to match your Azure AD tenant domain
Configure your Domain Controller for Azure Active Directory pass-thorough authentication and seamless single sign on using the Azure AD Connector
Configure the Azure Active Directory single sign on Group Policy and assign it to the Windows 10 test machine
Test seamless single sign on to Office 365 on the Windows 10 test machine
Copy the OneDrive ADMX and ADML templates from the Windows 10 test machine to your Domain Controller’s SYSVOL folder
Configure the OneDrive Group Policy for seamless single sign on, to silently move your users Known Folders to OneDrive and to always use OneDrive Files On-Demand as default
Test OneDrive seamless single sign on from the Windows 10 test machine and confirm the Known Folders auto redirect
To Map a SharePoint site to OneDrive on Demand you can can configure the Group Policy at User Configuration -> Administrative Templates -> OneDrive -> Configure team site libraries to sync automatically
You will need to populate this with the Name of the SharePoint Site you want to map and the ID; for example –
Name: Staff Shared
(tenantId=xxx&siteId=xxx&webId=xxx&listId=xxx&webUrl=httpsxxx&version=1)
Resources used in this Step-by-Step guide include –
Azure AD Connect – Completed-Export-Errors – Permission-Issue
Azure Active Directory Seamless Single Sign-On: Quick start
Find your Microsoft 365 organization ID
Configure team site libraries to sync automatically
Convert synced team site files to online-only files
OneDrive | Update for GPO team site libraries to sync automatically
Use Group Policy to control OneDrive sync settings
Thanks for sharing detailed steps to SSO for Office 365.
However I want my other applications to be integrated with SSO as well for my employees.
Is it possible to use the same approach to do so?
I have tried out miniorange SSO as well and was able to test it out successfully with couple of other apps along with office 365.
You can check the same here – https://www.miniorange.com/sso-2fa-integration-for-microsoft-applications