cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to configure Azure AD domain federation configuration other than via Azure AD Powershell

Ayesha Dissanayaka
Copper Contributor

‎Jul 18 2018 10:15 AM

‎Jul 18 2018 10:15 AM

How to configure Azure AD domain federation configuration other than via Azure AD Powershell

As I am trying setup User sign-in for Office365 with a 3rd party Identity Provider, I came across multiple resources on how to configure Azure AD via Windows PowerShell like this reference.

         ex:  Set-MsolDomainFederationSettings

 

I am curios whether there are other means Azure AD web interface or a REST API to do the same?Appreciate any reference on this.

Labels:
2,764 Views
0 Likes
4 Replies
Reply
4 Replies
Nestori Syynimaa

‎Jul 18 2018 11:31 AM

‎Jul 18 2018 11:31 AM

Re: How to configure Azure AD domain federation configuration other than via Azure AD Powershell

Hi Ayesha,

 

Unfortunately there is no web interface to do this, but I think you could use Graph API. However, it is easiest to setup using PowerShell. Below is a script to start with. It is using MSOnline module (see http://o365blog.com/powershell).

 

Active and Passive login urls are used by active clients (i.e. Skype for Business) and web clients. Issuer and signin cert must match your IdP's settings.

 

$Domain="yourdomain.com"
$LogOffUrl = "https://yourprovider/logoff/"
$ActiveLoginUrl = "https://yourprovider/login/"
$PassiveLoginUrl = "https://yourprovider/login/"
$SigningCert = "yourpublickey_in_Base64"
$Issuer = "http://yourprovider/something"
$Protocol = "SAMLP"
Set-MsolDomainAuthentication -DomainName $Domain -Authentication Federated -IssuerUri $Issuer -LogOffUri $LogOffUrl -PassiveLogOnUri $PassiveLogInUrl -ActiveLogOnUri $ActiveLogInUrl -SigningCertificate $SigningCert -PreferredAuthenticationProtocol $Protocol

 

0 Likes
Reply
Ayesha Dissanayaka

‎Jul 18 2018 10:41 PM

‎Jul 18 2018 10:41 PM

Re: How to configure Azure AD domain federation configuration other than via Azure AD Powershell

@Nestori Syynimaa wrote:

Hi Ayesha,

 

Unfortunately there is no web interface to do this, but I think you could use Graph API. However, it is easiest to setup using PowerShell. Below is a script to start with. It is using MSOnline module (see http://o365blog.com/powershell).

 

Active and Passive login urls are used by active clients (i.e. Skype for Business) and web clients. Issuer and signin cert must match your IdP's settings.

 

$Domain="yourdomain.com"
$LogOffUrl = "https://yourprovider/logoff/"
$ActiveLoginUrl = "https://yourprovider/login/"
$PassiveLoginUrl = "https://yourprovider/login/"
$SigningCert = "yourpublickey_in_Base64"
$Issuer = "http://yourprovider/something"
$Protocol = "SAMLP"
Set-MsolDomainAuthentication -DomainName $Domain -Authentication Federated -IssuerUri $Issuer -LogOffUri $LogOffUrl -PassiveLogOnUri $PassiveLogInUrl -ActiveLogOnUri $ActiveLogInUrl -SigningCertificate $SigningCert -PreferredAuthenticationProtocol $Protocol

 

Thank you very much for the valuable information @Nestori Syynimaa.

As I am working on a non Windows OS, I am interested in a way other than a Powershell. 

I have referred the Azure AD Graph API reference and couldn't find any API resource ffor modifying federation configuration. 

 

Any reference on how to use some API is highly appreciated.

0 Likes
Reply
Nestori Syynimaa

‎Jul 18 2018 11:18 PM

‎Jul 18 2018 11:18 PM

Re: How to configure Azure AD domain federation configuration other than via Azure AD Powershell

Hi Ayesha,

 

I double-checked both Azure AD Graph API and Microsoft Graph API (newer one) but creating/editing federated domains is not currently supported. So I guess you need to borrow someone's Windows machine to do this..

0 Likes
Reply