Converting domain to federated

Once you have met the above requirements, you can convert your domain to federated from the Windows Azure AD PowerShell (the MSOnline module that provides Connect-MsolService). You will need the values shown on the Single Sign-On Setup page.

Steps

  1. Navigate to Policies > Policies.
  2. Select Microsoft 365 and then click the Microsoft 365 instance.

  3. In the Office 365 Instance dialog, select the SAML SSO option as the Cutoff Method.

    By default, the Cutoff Method is set to None.
    Note: The Microsoft 365 tile is hidden from the User Portal while the Cutoff Method is set to None in the Office 365 Instance dialog.
  4. Click OK to save the Office 365 instance.
    The application setup page displays the Setup Web SSO link once SAML SSO is selected as the Cutoff Method.
  5. Click Save to save the Microsoft 365 setup page.
  6. Click the Setup Web SSO link to view the details on the Single Sign-On Setup page.

    Once you have this information, open the Windows Azure AD PowerShell, run Connect-MsolService, and authenticate as a Global Administrator of your Microsoft 365 tenant (changing a domain's authentication type requires that role) to connect to your Microsoft 365 instance.

  7. If your domain is not already federated, copy the Non-Federated Domain Command and paste it into the PowerShell session.
  8. If your domain is already federated (for example, to a previous IdP), copy the Federated Domain Command instead and paste it into the PowerShell session.
    Note: In some scenarios you may want users to be logged out of both Forcepoint ONE SSE and an external IdP when they click the logout link in the application. To accomplish this, use https://portal.bitglass.com/accounts/logout/ as the Logout URL instead of the default of https://portal.bitglass.com/portal/.
  9. Once you have successfully federated the domain and configured Forcepoint ONE SSE as the SAML IdP:
    1. Navigate back to the Policies > App Policies page and scroll down to the Microsoft 365 application.
    2. Set up a policy line for Direct App Access and have an admin or a single test user log in directly once to validate the SAML SSO setup before moving the rest of the domain's users.
    3. Set up another policy to send users through Secure App Access (reverse proxy).
    4. Adjust your policies to start sending users through the Forcepoint ONE SSE proxy and test to ensure it is working.
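The following script is an added example of what steps 6 through 8 look like in PowerShell; it is not the command text from the Single Sign-On Setup page, which remains the authoritative source for your tenant. It uses the MSOnline cmdlets the page's Connect-MsolService belongs to (Get-MsolDomain, Set-MsolDomainAuthentication, Set-MsolDomainFederationSettings, Get-MsolDomainFederationSettings). The domain name, Issuer URI, login URL and certificate path are placeholders to be filled from the Setup Web SSO page; the Logout URL default and the alternative logout URL are the two values the note above gives. The pre-flight checks (refusing the tenant's .onmicrosoft.com domain, requiring a verified domain, and requiring at least one Global Administrator whose UPN is outside the domain being federated) are the editor's additions, not a Forcepoint requirement.

```powershell
# Added example: federate a Microsoft 365 domain to an external SAML IdP with the
# MSOnline module. Placeholder values must come from the Single Sign-On Setup page.
param(
    [Parameter(Mandatory)] [string] $DomainName,       # e.g. corp.example.com (placeholder)
    [Parameter(Mandatory)] [string] $IssuerUri,        # Issuer URI from the Setup Web SSO page
    [Parameter(Mandatory)] [string] $PassiveLogOnUri,  # SAML login URL from the Setup Web SSO page
    [Parameter(Mandatory)] [string] $CertPath,         # IdP signing certificate (PEM or DER) from the Setup Web SSO page
    [string] $ActiveLogOnUri,                          # optional ECP endpoint, if the Setup page provides one
    # Default Logout URL from the page; use https://portal.bitglass.com/accounts/logout/
    # to also sign the user out of the external IdP behind Forcepoint ONE SSE.
    [string] $LogOffUri = 'https://portal.bitglass.com/portal/'
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService   # prompts for Global Administrator credentials (step 6)

# --- Pre-flight checks (editor's additions) ---------------------------------
if ($DomainName -like '*.onmicrosoft.com') {
    throw 'The tenant default .onmicrosoft.com domain cannot be federated.'
}
$domain = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
if ($domain.Status -ne 'Verified') {
    throw "Domain $DomainName is not verified in the tenant; verify it before federating."
}
# Federation applies to every user whose UPN ends in $DomainName. Keep a cloud-only
# break-glass admin outside that domain so you can still sign in if the IdP is down.
$gaRole = Get-MsolRole -RoleName 'Company Administrator'   # MSOnline's name for Global Administrator
$breakGlass = Get-MsolRoleMember -RoleObjectId $gaRole.ObjectId |
    Where-Object { $_.RoleMemberType -eq 'User' -and $_.EmailAddress -notlike "*@$DomainName" }
if (-not $breakGlass) {
    throw "No Global Administrator has a UPN outside $DomainName; create one on the .onmicrosoft.com domain first."
}

# --- Build the federation settings -------------------------------------------
# -SigningCertificate expects the Base64 DER body without PEM headers.
$cert        = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
$signingCert = [System.Convert]::ToBase64String($cert.RawData)

$fedParams = @{
    DomainName                      = $DomainName
    IssuerUri                       = $IssuerUri
    PassiveLogOnUri                 = $PassiveLogOnUri
    LogOffUri                       = $LogOffUri
    SigningCertificate              = $signingCert
    PreferredAuthenticationProtocol = 'SAMLP'
}
if ($ActiveLogOnUri) { $fedParams.ActiveLogOnUri = $ActiveLogOnUri }

# --- Steps 7 and 8: choose the command by the domain's current state ---------
if ($domain.Authentication -eq 'Federated') {
    # Already federated (to another IdP): update the existing trust in place.
    Set-MsolDomainFederationSettings @fedParams
} else {
    # Managed domain: convert it to federated.
    Set-MsolDomainAuthentication -Authentication Federated @fedParams
}

# --- Verify what the tenant now trusts ----------------------------------------
Get-MsolDomainFederationSettings -DomainName $DomainName |
    Select-Object IssuerUri, PassiveLogOnUri, LogOffUri, PreferredAuthenticationProtocol

# Rollback, if the Direct App Access test in step 9 fails:
#   Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed
```

Run the Direct App Access test from step 9 with the break-glass administrator's session still open in another browser; if the SAML response is rejected, the single rollback command at the end of the script returns the domain to managed authentication without touching user objects.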