In this document you are going to set up IDmelon as an external IdP to the Office.

Execute these commands in the Windows Power Shell

$cred = Get-Credential

Connect-MsolService -Credential $cred


Get all values for {..} from your IDmelon panel. If you are currently login here, you will see the replaced values instead.

$dom = domain

$uri = idp_issuer_uri

$url = idp_single_sign_on_ur

$logouturl = idp_single_sign_on_url

$cert = idp_certificate_download_url
Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $dom -Authentication Federated
-PassiveLogOnUri $url -SigningCertificate $cert -IssuerUri $uri -LogOffUri $logouturl
-PreferredAuthenticationProtocol SAMLP

Check your SAML configuration

the result is :

$dom = domain
Get-MSolDomainFederationSettings -DomainName $dom | Format-List *

You need to Set ImmutableID for your current user

Example of users.csv file:


[email protected];
[email protected];

Load CSV

$csvFile = Import-Csv C:\\idmelon\\users.csv -Delimiter ";"

Create arrays for skipped and failed users

$SkippedUsers = @()
$FailedUsers = @()

Loop through CSV records

    foreach ($item in $csvFile) {
        $upn = $item.UserPrincipalName
        $UserPrincipalName =  (Get-MsolUser -UserPrincipalName  $upn  | select UserPrincipalName).UserPrincipalName
        $objectID = (Get-MsolUser -UserPrincipalName  $upn  | select ObjectId).ObjectId.Guid
        if ($UserPrincipalName) {
            Set-MSOLuser -UserPrincipalName $UserPrincipalName -ImmutableID $objectID
            } catch {
            $FailedUsers += $upn
            Write-Warning "$upn user found, but FAILED to update."
        else {
            Write-Warning "$upn not found, skipped"
            $SkippedUsers += $upn

Show result

Get-MsolUser -all | Select-Object UserprincipalName,objectID,ImmutableID


  • Open Azure directory admin.


  • Click on users.


  • Choose a user.

  • Click on Authentication methods.

  • Delete Authentication method option.


API Token

From the side menu, navigate to the App registrations menu and click New registrations.


  • Enter the desired name for your Application.

  • Then from Supported account types select who can use your API.

    • Tip : for more information of the choices please select Help me Choose….
  • Click Register.


Then you can see your API information, which you have Copy and send these informations to idmelon.

  • Copy Application (client) ID.

  • Copy Directory (tenant) ID.

Then please for accessing to Client Secret click Add a certificate or secret in Client credentials field.


From Certificate & secrets panel please click on New client secret :

  • Enter the desired description for your client secret.

  • Click Add.


Finally, you can Copy your client secret from Client credentials field.


Please send these information to IDmelon, in order to get your users from office panel.