Configuring Office 365

Within the App Details section, fill out as follows:

• Location = Outside my corporate network

• Name = Office 365 * URL = https://login.microsoftonline.com/login.srf

• Related Domains: *.login.microsoftonline.com

• Description = (default)

Within the Single Sign On section, fill out as follows:

• Assertion URL = https://login.microsoftonline.com/login.srf

• Audience = urn:federation:MicrosoftOnline

• Name ID Format = Persistent

• Name ID = Active Directory GUID

• Advanced Attributes:

  Attribute Name: IDPEmail

  Attribute Format: Unspecified

  Attribute Value: Email

Office 365 SaaS Application Federation to Citrix Gateway

PowerShell commands to configure FEDERATED Mode on Microsoft Cloud:

• PS> connect-msolservice

Note: A Microsoft Cloud Account should be used to connect to msolservice.

For example, admin.user@onmicrosoft.com

• PS> Install-Module AzureAD -Force
• PS> Import-Module AzureAD -Force
• PS> Install-Module MSOnline -Force
• PS> Import-module MSOnline -Force

Configure the Federation settings unique to the Citrix Gateway Customer subscription:

• PS> $dom = "ad-domain.com"

Note: The ad-domain.com namespace is the user authentication domain*

• PS> $fedBrandName = "CitrixNS(TME)"
• PS> $url = "https://customerID.cloud.com/cgi/tmlogout"
• PS> $uri = "https://citrix.com/customerID"
• PS> $ecpUrl = "https://app.netscalergateway.net/ngs/<customerID>/saml/login?APPID=<app-ID>"

Supply the SAML IdP certificate from Citrix Gateway:

• PS> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("c:\cert\saml_idp.crt")
• PS> $certData = [system.convert]::tobase64string($cert.rawdata)

Execute the PS string to complete the msol Federation to Citrix Gateway:

• PS> Set-MsolDomainAuthentication -DomainName $dom –federationBrandName $fedBrandName -Authentication Federated -PassiveLogOnUri $ecpUrl -SigningCertificate $certData -IssuerUri $uri -ActiveLogOnUri $ecpUrl -LogOffUri $url -PreferredAuthenticationProtocol SAMLP

Validate the Domain Federation and settings are complete:

• PS> Get-MsolDomainFederationSettings

DomainName: customerID.com

ActiveLogOnUri https://customerID.cloud.com/saml/login

FederationBrandName customerID(TME)

IssuerUri https://citrix.com/customerID

LogOffUri https://customerID.cloud.com/cgi/tmlogout

PassiveLogOnUri https://citrix.comcustomerID

SigningCertificate MIIG3zCCBMegAwIBAgIJAMUTG1zqJgUZMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJVUzEQMA4

Office 365 Suite Applications

• Outlook https://outlook.office365.com/

• OneDrive for Business https://customerid.sharepoint.com/

• Word https://office.live.com/start/Word

• Excel https://office.live.com/start/Excel

• PowerPoint https://office.live.com/start/PowerPoint

• OneNote https://www.onenote.com/

• SharePoint https://customerid.sharepoint.com/

• Teams https://teams.microsoft.com/

• Yammer https://www.yammer.com/office365

• Dynamics 365 https://customerid.dynamics.com/

• Flow https://flow.microsoft.com/

Reference Links

Azure PowerShell Module Reference

Azure PowerShell Command Reference

Deploy Office 365 Directory Synchronization in Microsoft Azure