Jul 18 2018 10:15 AM
As I am trying to set up user sign-in for Office 365 with a 3rd party Identity Provider, I came across multiple resources on how to configure Azure AD via Windows PowerShell, like this reference.
ex: Set-MsolDomainFederationSettings
I am curious whether there are other means, such as the Azure AD web interface or a REST API, to do the same? Appreciate any reference on this.
Jul 18 2018 11:31 AM
Hi Ayesha,
Unfortunately there is no web interface to do this, but I think you could use the Graph API. However, it is easiest to set up using PowerShell. Below is a script to start with. It is using the MSOnline module (see http://o365blog.com/powershell).
Active and Passive login URLs are used by active clients (i.e. Skype for Business) and web clients. Issuer and signing cert must match your IdP's settings.
# Run Connect-MsolService first. Replace the placeholder values with your IdP's settings.
$Domain = "yourdomain.com"
$LogOffUrl = "https://yourprovider/logoff/"
$ActiveLoginUrl = "https://yourprovider/login/"    # endpoint used by active (rich) clients
$PassiveLoginUrl = "https://yourprovider/login/"   # endpoint used by browser-based sign-in
$SigningCert = "yourpublickey_in_Base64"           # IdP token-signing certificate (public key), Base64
$Issuer = "http://yourprovider/something"          # must match the issuer / entityID the IdP puts in its tokens
$Protocol = "SAMLP"
Set-MsolDomainAuthentication -DomainName $Domain -Authentication Federated -IssuerUri $Issuer -LogOffUri $LogOffUrl -PassiveLogOnUri $PassiveLoginUrl -ActiveLogOnUri $ActiveLoginUrl -SigningCertificate $SigningCert -PreferredAuthenticationProtocol $Protocol
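The script above writes the federation trust but never reads it back. The following is an added example (not part of the original post or of the MSOnline module) that wraps the same cmdlet with the checks a practitioner would want: it parses the IdP certificate locally before touching the tenant, records the domain's current state, applies the settings, then reads the stored federation settings back and compares issuer, endpoints and certificate thumbprint against what was intended. It closes with an inventory of every federated domain in the tenant, since each signing certificate listed there is one Azure AD will accept tokens from for that domain's users. It assumes the MSOnline module is installed and Connect-MsolService has already been run; the domain, URLs and certificate values are placeholders.

```powershell
# Added example, not from the original post. Assumes the MSOnline module is
# installed and Connect-MsolService has already been run with sufficient rights.
# All domain / IdP values below are placeholders to be replaced.

$Domain          = "yourdomain.com"                 # placeholder
$IssuerUri       = "http://yourprovider/something"  # placeholder: must equal the IdP's issuer / entityID
$PassiveLogOnUri = "https://yourprovider/login/"    # placeholder: browser sign-in endpoint
$ActiveLogOnUri  = "https://yourprovider/login/"    # placeholder: active (rich) client endpoint
$LogOffUri       = "https://yourprovider/logoff/"   # placeholder
$SigningCertB64  = "yourpublickey_in_Base64"        # placeholder: IdP token-signing cert, Base64 DER

# Parse the certificate locally first. Malformed or expired input fails here,
# before anything is written to the tenant, and the thumbprint is reused below.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($SigningCertB64))
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Signing certificate expired on $($cert.NotAfter); obtain a current one from the IdP."
}
Write-Host "IdP signing cert: $($cert.Subject), thumbprint $($cert.Thumbprint), valid until $($cert.NotAfter)"

# Record the current state so the change can be audited or reverted.
$before = Get-MsolDomain -DomainName $Domain
Write-Host "Current authentication type for ${Domain}: $($before.Authentication)"
if ($before.Authentication -eq "Federated") {
    Write-Host "Existing federation settings (before change):"
    Get-MsolDomainFederationSettings -DomainName $Domain | Format-List
}

# Apply the federation trust (same cmdlet as the script in the post above).
Set-MsolDomainAuthentication -DomainName $Domain -Authentication Federated `
    -IssuerUri $IssuerUri -PassiveLogOnUri $PassiveLogOnUri -ActiveLogOnUri $ActiveLogOnUri `
    -LogOffUri $LogOffUri -SigningCertificate $SigningCertB64 -PreferredAuthenticationProtocol SAMLP

# Read back and compare. The tenant stores the certificate as Base64, so comparing
# thumbprints shows whether Azure AD now trusts exactly the key that was intended.
$after      = Get-MsolDomainFederationSettings -DomainName $Domain
$storedCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($after.SigningCertificate))

$checks = @(
    @{ Name = "IssuerUri";       Expected = $IssuerUri;       Actual = $after.IssuerUri }
    @{ Name = "PassiveLogOnUri"; Expected = $PassiveLogOnUri; Actual = $after.PassiveLogOnUri }
    @{ Name = "ActiveLogOnUri";  Expected = $ActiveLogOnUri;  Actual = $after.ActiveLogOnUri }
    @{ Name = "LogOffUri";       Expected = $LogOffUri;       Actual = $after.LogOffUri }
    @{ Name = "SigningCert";     Expected = $cert.Thumbprint; Actual = $storedCert.Thumbprint }
)
foreach ($c in $checks) {
    $status = if ($c.Expected -eq $c.Actual) { "OK  " } else { "DIFF" }
    Write-Host ("{0} {1,-16} expected={2} actual={3}" -f $status, $c.Name, $c.Expected, $c.Actual)
}

# Inventory every federated domain in the tenant with its issuer and signing cert.
# Review this periodically: an entry you did not configure deserves investigation.
Get-MsolDomain | Where-Object { $_.Authentication -eq "Federated" } | ForEach-Object {
    $fs = Get-MsolDomainFederationSettings -DomainName $_.Name
    $fc = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        [Convert]::FromBase64String($fs.SigningCertificate))
    [pscustomobject]@{
        Domain     = $_.Name
        Issuer     = $fs.IssuerUri
        Thumbprint = $fc.Thumbprint
        NotAfter   = $fc.NotAfter
    }
} | Format-Table -AutoSize
```

The read-back step is the important part: a federation trust is only as safe as the certificate stored in it, so confirming the thumbprint after every change, and keeping the inventory output with the change record, gives a baseline to compare against later.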
Jul 18 2018 10:41 PM
@Nestori Syynimaa wrote: Hi Ayesha,
Unfortunately there is no web interface to do this, but I think you could use the Graph API. However, it is easiest to set up using PowerShell. Below is a script to start with. It is using the MSOnline module (see http://o365blog.com/powershell).
Active and Passive login URLs are used by active clients (i.e. Skype for Business) and web clients. Issuer and signing cert must match your IdP's settings.
$Domain="yourdomain.com"
$LogOffUrl = "https://yourprovider/logoff/"
$ActiveLoginUrl = "https://yourprovider/login/"
$PassiveLoginUrl = "https://yourprovider/login/"
$SigningCert = "yourpublickey_in_Base64"
$Issuer = "http://yourprovider/something"
$Protocol = "SAMLP"
Set-MsolDomainAuthentication -DomainName $Domain -Authentication Federated -IssuerUri $Issuer -LogOffUri $LogOffUrl -PassiveLogOnUri $PassiveLogInUrl -ActiveLogOnUri $ActiveLogInUrl -SigningCertificate $SigningCert -PreferredAuthenticationProtocol $Protocol
Thank you very much for the valuable information @Nestori Syynimaa.
As I am working on a non-Windows OS, I am interested in a way other than PowerShell.
I have referred to the Azure AD Graph API reference and couldn't find any API resource for modifying federation configuration.
Any reference on how to use some API is highly appreciated.
Jul 18 2018 11:18 PM
Hi Ayesha,
I double-checked both Azure AD Graph API and Microsoft Graph API (the newer one), but creating/editing federated domains is not currently supported. So I guess you need to borrow someone's Windows machine to do this.
Jul 21 2018 01:55 AM
Thank you very much for verifying @Nestori Syynimaa