Office

In this document you will set up IDmelon as an external IdP for Office.

Execute these commands in Windows PowerShell:


$cred = Get-Credential

Connect-MsolService -Credential $cred

Get-MsolDomain

Get all values for {..} from your IDmelon panel. If you are currently logged in here, you will see the replaced values instead.

$dom = "{domain}"

$uri = "{idp_issuer_uri}"

$url = "{idp_single_sign_on_url}"

$logouturl = "{idp_single_sign_on_url}"

$cert = "{idp_certificate_download_url}"

Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated `
    -PassiveLogOnUri $url -SigningCertificate $cert -IssuerUri $uri -LogOffUri $logouturl `
    -PreferredAuthenticationProtocol SAMLP

Check your SAML configuration. The federation settings now stored for the domain are listed by:

$dom = "{domain}"
Get-MsolDomainFederationSettings -DomainName $dom | Format-List *

You need to set the ImmutableID for your current users.


Example of a users.csv file:

UserPrincipalName
[email protected];
[email protected];

Load the CSV:

$csvFile = Import-Csv C:\idmelon\users.csv -Delimiter ";"

Create arrays for skipped and failed users:

$SkippedUsers = @()
$FailedUsers = @()

Loop through the CSV records:

foreach ($item in $csvFile) {
    $upn = $item.UserPrincipalName
    # Look the user up once; an unknown UPN yields $null instead of an error record.
    $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
    if ($user) {
        # The user's ObjectId GUID becomes the ImmutableID used by the federated IdP.
        $objectID = $user.ObjectId.Guid
        try {
            # -ErrorAction Stop turns a failed update into an exception the catch block sees.
            Set-MsolUser -UserPrincipalName $user.UserPrincipalName -ImmutableID $objectID -ErrorAction Stop
        } catch {
            $FailedUsers += $upn
            Write-Warning "$upn user found, but FAILED to update."
        }
    }
    else {
        Write-Warning "$upn not found, skipped"
        $SkippedUsers += $upn
    }
}

Show the result:

Get-MsolUser -All | Select-Object UserPrincipalName, ObjectId, ImmutableId
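As an added check that is not part of the IDmelon documentation, the script below verifies that the domain is federated with the values taken from the panel and lists any users from users.csv whose ImmutableID is still unset; the function names are my own, and it assumes the same MSOnline session and the $dom, $uri, $url and $logouturl variables set above.

```powershell
# Added example (not from the IDmelon docs); assumes Connect-MsolService was already run.
function Test-IdmelonFederation {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        [Parameter(Mandatory)] [string] $IssuerUri,
        [Parameter(Mandatory)] [string] $PassiveLogOnUri,
        [Parameter(Mandatory)] [string] $LogOffUri
    )
    $ok = $true
    # The domain itself must have been switched from Managed to Federated.
    $domain = Get-MsolDomain -DomainName $DomainName
    if ($domain.Authentication -ne 'Federated') {
        Write-Warning "$DomainName authentication is '$($domain.Authentication)', expected 'Federated'"
        $ok = $false
    }
    # Compare what the tenant stores with the values taken from the IDmelon panel.
    $settings = Get-MsolDomainFederationSettings -DomainName $DomainName
    $expected = @{
        IssuerUri                       = $IssuerUri
        PassiveLogOnUri                 = $PassiveLogOnUri
        LogOffUri                       = $LogOffUri
        PreferredAuthenticationProtocol = 'Samlp'   # -ne is case-insensitive, so SAMLP matches
    }
    foreach ($name in $expected.Keys) {
        $actual = [string]$settings.$name
        if ($actual -ne $expected[$name]) {
            Write-Warning "$name is '$actual', expected '$($expected[$name])'"
            $ok = $false
        }
    }
    return $ok
}

function Get-UserMissingImmutableId {
    # Returns the UPNs from users.csv that do not exist or whose ImmutableID is still empty.
    param([Parameter(Mandatory)] [string] $CsvPath)
    $missing = @()
    foreach ($row in (Import-Csv $CsvPath -Delimiter ';')) {
        $user = Get-MsolUser -UserPrincipalName $row.UserPrincipalName -ErrorAction SilentlyContinue
        if (-not $user -or [string]::IsNullOrEmpty($user.ImmutableId)) {
            $missing += $row.UserPrincipalName
        }
    }
    return ,$missing
}

# Usage with the variables set earlier on this page:
# Test-IdmelonFederation -DomainName $dom -IssuerUri $uri -PassiveLogOnUri $url -LogOffUri $logouturl
# Get-UserMissingImmutableId -CsvPath 'C:\idmelon\users.csv'
```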

Passwordless


  • Open the Azure directory admin portal.

  • Click on Users.

  • Choose a user.

  • Click on Authentication methods.

  • Delete the authentication method option.

API Token

From the side menu, navigate to the App registrations menu and click New registration.

  • Enter the desired name for your application.

  • Then, under Supported account types, select who can use your API.

    • Tip: for more information on the choices, select Help me choose....
  • Click Register.

You can now see your application's information; copy the following values and send them to IDmelon.

  • Copy the Application (client) ID.

  • Copy the Directory (tenant) ID.

To create a client secret, click Add a certificate or secret in the Client credentials field.

From the Certificates & secrets panel, click New client secret:

  • Enter the desired description for your client secret.

  • Click Add.

Finally, copy your client secret from the Client credentials field. The secret value is displayed only once, immediately after it is created, so copy it before leaving the page.

Send this information to IDmelon so that it can retrieve your users from the Office panel.