Office 365 Application: Adding Multitenancy support

Microsoft 365 integration

Passly supports federated sign-in and synchronization with Office 365. Usually a Passly Organization has one Office 365 application instance that federates one Azure domain. Multiple domain federation means that several domains are federated to one Passly Organization.

Multiple Domain Federation

Passly supports multiple domain federation within one Passly Organization through several Office 365 applications. To set up multiple domain federation, create a separate Office 365 application instance for each domain to be federated inside the Passly Organization. For information about how to create an Office 365 application, follow this article.

Note: This feature works only when every Office 365 application instance uses Microsoft Graph.

Requirements for multiple domains federation:

  • Every Office 365 application instance should use the ‘Microsoft Graph’ option for federation. The Passly ‘Microsoft Online’ Office 365 application doesn’t support multiple domain federation;

  • Only one Azure App Registration is required, so the Azure App Registration credentials can be shared with every Office 365 application instance inside one Passly Organization. The signing certificates from all the Office 365 applications should be uploaded to the Azure App Registration.
    If you would like each Office 365 application to have its own Azure App Registration, each registration needs to be created and granted the required permissions and roles in Azure;
  • One domain should be federated using one Office 365 application. Avoid creating Office 365 applications that contain the same domain for federation;
  • Each Office 365 application should have ‘EmailAddress’ or ‘PrincipalName’ as a sync source. ‘PrincipalName with Organization Suffix’ is not suitable in this case because each federated domain has a different organization suffix;
  • We recommend setting different groups on the Permissions tab for each Office 365 application, for example domain1_group for the Office 365 application that federates domain1 and domain2_group for the Office 365 application that federates domain2. Be aware that if only one group is used for both applications, members of that group will see both applications on their Launchpad;
  • We recommend naming each Office 365 application using a domain prefix, for example ‘Office 365 domain1’ for domain1 and ‘Office 365 domain2’ for domain2, to increase data readability in Application Library and Directory Manager.
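
Added example (not part of the Passly documentation or product): a pre-flight check that runs a planned set of Office 365 application instances against the requirements listed above before they are created. The worksheet fields and the sample values are assumptions constructed for illustration; Passly does not define this format.

```python
from collections import defaultdict

# Hypothetical planning worksheet: one dict per Office 365 application instance.
# The field names are assumptions made for this example, not a Passly format.
ALLOWED_SYNC = {"EmailAddress", "PrincipalName"}

def check_plan(apps):
    """Return (severity, application, message) tuples for the listed requirements."""
    findings, by_domain, by_group = [], defaultdict(list), defaultdict(list)
    for app in apps:
        name = app["name"]
        if app["federation"] != "Microsoft Graph":
            findings.append(("error", name, "federation option must be Microsoft Graph"))
        if app["sync_source"] not in ALLOWED_SYNC:
            findings.append(("error", name, "sync source must be EmailAddress or PrincipalName"))
        # Domain names are case-insensitive, so normalise before comparing.
        by_domain[app["domain"].strip().lower()].append(name)
        for group in set(app["permission_groups"]):
            by_group[group].append(name)
    for domain, names in by_domain.items():
        if len(names) > 1:  # one domain must belong to exactly one application
            findings += [("error", n, f"{domain} is federated by more than one application")
                         for n in names]
    for group, names in by_group.items():
        if len(names) > 1:  # recommendation only: shared group exposes every app
            findings += [("warning", n, f"{group} members will see every application that uses it")
                         for n in names]
    return findings

# Constructed sample plan (domains and groups are placeholders).
SAMPLE_PLAN = [
    {"name": "Office 365 domain1", "domain": "domain1.example",
     "federation": "Microsoft Graph", "sync_source": "EmailAddress",
     "permission_groups": ["domain1_group"]},
    {"name": "Office 365 domain2", "domain": "Domain1.example",
     "federation": "Microsoft Online",
     "sync_source": "PrincipalName with Organization Suffix",
     "permission_groups": ["domain1_group"]},
]

if __name__ == "__main__":
    for severity, app, message in check_plan(SAMPLE_PLAN):
        print(f"{severity:7} {app}: {message}")
```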