Office 365 Application: Migrating from Microsoft Online to Microsoft Graph

Passly supports federated sign-in and synchronization with Office 365 integration. 

There are 2 ways you can set up Office 365 integration: Microsoft Online and Microsoft Graph.

Note: Microsoft Online is planned for deprecation by Microsoft. This is no longer recommended for any production instances of Microsoft 365.

We recommend using Microsoft Graph. This document contains helpful information about moving from an existing Microsoft Online Office 365 Application in Passly to a Microsoft Graph Application.

 

Migration Steps

  1. Read the “What should I re-check before the switch?” and “What can affect my synchronized Users and Groups during the switch?” sections;
  2. Follow “How can I do the switch?”;
  3. Verify “How can I check that everything works after?”;

Rollback

If you need to roll back, see “How can I revert the changes back to Microsoft Online?”.

1. What should I re-check before the switch?

If you have an Office 365 Application in Passly federated via Microsoft Online, it’s better to use the same Application instance for the switch. So if you have “Office 365 Online” in the SSO Manager that is currently federated via Microsoft Online, do not create a new one; just use the existing one.

Please check that all the Users and Groups in the Directory Manager have Application Sync Source linked to your Office 365 Application instance.


These Users and Groups should be able to use the Office 365 Application after the switch.

2. What can affect my synchronized Users and Groups during the switch?

Do not disconnect or remove the Office 365 Application from Passly. That will disconnect all the Users and Groups and de-federate the domain from Passly, so Users won’t be able to use Passly SSO.

Set up Synchronization settings carefully. The most “soft” settings are the following. Please check that all the checkboxes and selection lists contain the values from the screen.

[Screenshot: Synchronization settings]

3. How can I do the switch?

Use the following guide. Start from step 2, as you already have an Application and Permission Group. Set up the App Registration in Azure carefully. Do not forget all the listed Permissions and the Global Admin Role. Follow the steps in the “Federation via Microsoft Graph” section. Check that the “Federate Automatically” option is checked.

4. How can I check that everything works after?

When you open up your Office 365 Application you should see the “green light” and the messages that Domain is federated, verified and Issuer is valid.


The Synchronization Tab contains valid saved settings, especially the Sync Source. The Users can see the Office 365 Application on their Launchpad and log in successfully.

If all these requirements are met, then you set everything up successfully.

5. How can I revert the changes back to Microsoft Online?

If you want to revert the changes back to Microsoft Online, follow the same guide and use the “Federation via Microsoft Online” section. Keep in mind that the “Federate automatically” option should be unchecked in that case, and a valid issuer should be set up via a PowerShell script:

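# Sign in to Microsoft Online (requires the MSOnline module)
$creds = Get-Credential
Connect-MsolService -Credential $creds
# Domain federated with Passly and the Passly issuer for it
$domain = "<your_domain>"
$issuer = "https://<passly_homerealm>.passly.com/trust"
# Set the issuer on the domain's federation settings
Set-MsolDomainFederationSettings -DomainName $domain -IssuerUri $issuer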
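
To confirm that the rollback took effect, the issuer can be read back and compared with the intended value. This is an added example, not part of the original article or Passly's own tooling; it assumes the MSOnline module is installed, and the function name Test-PasslyIssuer is hypothetical.

```powershell
# Added example: read back the federation settings after the rollback.
# Assumes the MSOnline module is installed and the account can read domain settings.
# Test-PasslyIssuer is a hypothetical helper name, not a Passly or Microsoft cmdlet.
function Test-PasslyIssuer {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        [Parameter(Mandatory)] [string] $ExpectedIssuer
    )

    # Refuse to run with the article's placeholders left unfilled.
    if ("$DomainName$ExpectedIssuer" -match '[<>]') {
        throw 'Replace <your_domain> and <passly_homerealm> with real values first.'
    }

    # The domain should still be verified and federated after the rollback.
    $dom = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
    # Read the settings that Set-MsolDomainFederationSettings wrote.
    $fed = Get-MsolDomainFederationSettings -DomainName $DomainName -ErrorAction Stop

    $result = [pscustomobject]@{
        Domain         = $DomainName
        Status         = $dom.Status
        Authentication = $dom.Authentication
        IssuerUri      = $fed.IssuerUri
        # -ceq compares case-sensitively, so the issuer must match exactly.
        IssuerMatches  = ($fed.IssuerUri -ceq $ExpectedIssuer)
        IsFederated    = ("$($dom.Authentication)" -eq 'Federated')
    }
    if (-not ($result.IssuerMatches -and $result.IsFederated)) {
        Write-Warning "Federation for $DomainName does not match the expected state."
    }
    $result
}

$creds = Get-Credential
Connect-MsolService -Credential $creds
# Fill in the same values used for Set-MsolDomainFederationSettings above;
# the call throws while the placeholders are still present.
Test-PasslyIssuer -DomainName '<your_domain>' -ExpectedIssuer 'https://<passly_homerealm>.passly.com/trust'
```

A result with IssuerMatches and IsFederated both True means the domain is federated with the issuer you set; a warning means the settings should be reviewed before Users try to sign in.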

 

 

 
