SSO with Microsoft 365 – Alternative Manual Service Provider Set Up Method

If you need a more advanced configuration when you set up Single Sign On (SSO) for Microsoft 365 in JumpCloud, you can use the command provided in this KB with the MSOnline module.

Note:

Make sure modern authentication is enabled for the Microsoft 365 Tenant. Learn more in Enable Modern Authentication for Microsoft 365.

Running the command

  1. Start PowerShell on a system with the Azure Active Directory Module for Windows PowerShell installed.
  2. Define variables. This will prompt you to log in; the username accepts UPN format, such as [email protected].
  3. Run:
    $cred=Get-Credential
     
  4. Connect with the saved credentials:
    Connect-MsolService -Credential $cred
     
  5. Define your Microsoft 365 Domain:
    $domain="yourdomain.tld"
     
  6. Define the idpUrl. This is the same value as the IDP URL in the connector; the default value is shown:
    $idpUrl="https://sso.jumpcloud.com/saml2/office365"
     
  7. Define a logout URL:
    $logoutUrl="https://console.jumpcloud.com/userconsole/"
     
  8. Define the public cert.

Important:

This variable can't contain -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and can't contain spaces or newlines.

Note:

Export the metadata file from your JumpCloud SSO configuration and copy the certificate string between <ds:X509Certificate> and </ds:X509Certificate>:

$certificate="MIIDtTCCAp2gAwIBAgIJAJUpvv+YllN1MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAlVTMRMwEQY...

TRUNCATED...

wcsC1lArmug//RG+BPp6yT6qhsm4g4wVcxpHWT8cA1py0TQaIQbNnBqNLDbQJl9oJ3PB9eiKEpEWtdtmcQOW3yB1AdxsQBKxtaNT5PypyLqnJ+e8="

  9. Define the Issuer URI. This must be the same value as the IDP Entity ID previously defined:
    $issuerUri="yourdomain.com"
     
  10. Run the following to enable SSO for the defined domain:

Set-MsolDomainAuthentication -DomainName $domain -FederationBrandName $domain -Authentication Federated -IssuerUri $issuerUri -LogOffUri $logoutUrl -PassiveLogOnUri $idpUrl -ActiveLogOnUri $idpUrl -SigningCertificate $certificate -PreferredAuthenticationProtocol SAMLP
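For step 8, the following added example (not part of the original article and not JumpCloud's code) pulls the certificate out of exported metadata, strips spaces and newlines, and confirms that the result parses as an X.509 certificate before it is passed to Set-MsolDomainAuthentication. The function name Get-SamlSigningCertificate, the sample certificate and the metadata.xml path are assumptions; generating the sample needs .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
# Added example, not JumpCloud's code. Get-SamlSigningCertificate is a hypothetical helper name.
function Get-SamlSigningCertificate {
    param([Parameter(Mandatory)][xml]$Metadata)
    # Match ds:X509Certificate by namespace URI, whatever prefix the file uses.
    $ns = New-Object System.Xml.XmlNamespaceManager($Metadata.NameTable)
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')
    $node = $Metadata.SelectSingleNode('//ds:X509Certificate', $ns)
    if (-not $node) { throw 'No ds:X509Certificate element found in the metadata.' }
    # Strip spaces and newlines, as the Important note in step 8 requires.
    $b64 = $node.InnerText -replace '\s', ''
    # Decoding and parsing throw on PEM BEGIN/END lines or a truncated string.
    $bytes = [Convert]::FromBase64String($b64)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "Certificate expired on $($cert.NotAfter)." }
    [pscustomobject]@{
        Certificate = $b64
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
    }
}

# Constructed sample input: a throwaway self-signed certificate inside minimal SAML metadata,
# with the base64 line-wrapped the way exported metadata often is.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=constructed-sample-idp', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample  = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddMinutes(-5), [DateTimeOffset]::UtcNow.AddDays(1))
$wrapped = [Convert]::ToBase64String($sample.RawData, [Base64FormattingOptions]::InsertLineBreaks)
$metadata = [xml]@"
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <IDPSSODescriptor><KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>
$wrapped
    </ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor></IDPSSODescriptor>
</EntityDescriptor>
"@

# With a real export (hypothetical path): -Metadata ([xml](Get-Content -Raw .\metadata.xml))
$result      = Get-SamlSigningCertificate -Metadata $metadata
$certificate = $result.Certificate   # same variable name as in step 8
$result | Format-List Subject, Thumbprint, NotAfter
```

Compare the printed thumbprint and expiry date with the certificate shown in the JumpCloud connector before you run the final command.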

Now that you’ve configured the service provider, read SSO with M365 to learn how to authorize user access and validate authentication workflows. 
