Office 365 - Azure AD Users Unable to Login
Users are unable to sign in to Office 365 with federated Azure Active Directory accounts.
- Federated Active Directory users must be synchronized from an on-premises Active Directory; cloud-only accounts are not federated and are not covered by this procedure.
Azure Active Directory Configuration
Create a dynamic group whose membership is limited to synchronized users; PortalGuard will use it as an ACL on the relying party.
- Log in to Azure Active Directory and click 'Groups'.
- Create a new group by clicking on 'New Group'.
- Enter the following information:
- Click 'Add dynamic query'.
- Enter the following query:
- Save the dynamic query by clicking 'Save'.
- Lastly, click 'Create' to save the dynamic group.
Update the Identity Claims and Authorization for the Office 365 - Cloud relying party.
- Navigate to the PortalGuard server and open the Identity Provider Configuration Editor.
- Create a copy of the Office 365 relying party.
- Navigate to the Identity Claims tab.
- Update the Attribute Store to use an Azure AD directory.
- Edit the objectGUID claim to search for the immutableId attribute.
- Edit the ImmutableID claim to search for the immutableId attribute.
- Navigate to the Authorization tab.
- Click 'Add' to limit access to the relying party to synchronized users.
- Search for and select the dynamic group created above.
- Click the 'Save' button.
- From the main screen of the Identity Provider Configuration Editor, click the 'Apply to Identity Provider' button.
- Click the 'Sync' button
REV. 06/2021 | PortalGuard