SSO with Microsoft 365 – Alternative Manual Service Provider Set Up Method

If you need a more advanced configuration when you set up Single Sign On (SSO) for Microsoft 365 in JumpCloud, you can use the command provided in this KB with the MSOnline module.


Make sure modern authentication is enabled for the Microsoft 365 Tenant. Learn more in Enable Modern Authentication for Microsoft 365.

Running the command

  1. Start Powershell on a system with the Azure Active Directory Module for Windows PowerShell installed.
  2. Define variables. This will prompt for log in, the username accepts UPN format, such as [email protected].
  3. Run:
  4. Connect with the saved credentials:
    Connect-MsolService –Credential $cred
  5. Define your Microsoft 365 Domain:
  6. Define the idpUrl, this is the same value as the IDP URL in the connector, default value shown:
  7. Define a logout URL:
  8. Define the public cert.


This variable can't contain -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and can't contain spaces or newlines.


Export the metadata file from your JumpCloud SSO configuration and copy the certificate string between

<ds:X509Certificate> and </ds:X509Certificate>




  1. Define the Issuer URI, this must be the same value as the IDP Entity ID previously defined:
  2. Run the following to enable SSO for the defined domain:

Set-MsolDomainAuthentication –DomainName $domain -FederationBrandName $domain -Authentication Federated -IssuerUri $issuerUri -LogOffUri $logoutUrl -PassiveLogOnUri $idpUrl -ActiveLogOnUri $idpUrl -SigningCertificate $certificate -PreferredAuthenticationProtocol SAMLP

Now that you’ve configured the service provider, read SSO with M365 to learn how to authorize user access and validate authentication workflows. 

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case