You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.

Looking for the Diagnostic Utility?

Click Here For Download and Usage Instructions

Office 365 - Azure AD Users Unable to Login


Users are unable to access Office 365 with federated Azure Active Directory users. 


  • Federated Active Directory users must be synchronized from an on-premise Active Directory.


Azure Active Directory Configuration

Create a dynamic group to set an ACL within PortalGuard.

  1. Login to Azure Active Directory and click 'Groups'.
  2. Create a new group by clicking on 'New Group'.
  3. Enter the following information:
  4. Click 'Add dynamic query'.
  5. Enter the following query:
  6. Save the dynamic query by clicking 'Save'.
  7. Lastly, click 'Create' to save the dynamic group.

PortalGuard Configuration

Update the Identity Claims and Authorization for the Office 365 - Cloud relying party.

  1. Navigate to the PortalGuard server and open the Identity Provider Configuration Editor.
  2. Create a copy of the Office 365 relying party.
  3. Navigate to the Identity Claims tab.
  4. Update the Attribute Store to use an Azure AD directory.
  5. Edit the objectGUID claim to search for the immutableId attribute.
  6. Edit the ImmutableID claim to search for the immutableId attribute.
  7. Navigate to the Authorization tab.
  8. Click 'Add' to limit access to the relying party for synchronized users.
  9. Search for the new dynamic group that was created above.
    • ​​​​
  10. Click the 'Save' button.
  11. From the main screen of the Identity Provider Configuration Editor, click the 'Apply to Identity Provider' button. 
  12. Click the 'Sync' button

REV. 06/2021 | PortalGuard

  • 142
  • 23-Jun-2021