{"id":91638,"date":"2023-06-16T21:48:09","date_gmt":"2023-06-17T01:48:09","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=91638"},"modified":"2024-06-25T14:45:58","modified_gmt":"2024-06-25T18:45:58","slug":"sso-with-m365-alternative-manual-service-provider-set-up-method","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method","title":{"rendered":"SSO with Microsoft 365 &#8211; Alternative Manual Service Provider Set Up Method"},"content":{"rendered":"\n<p>If you need a more advanced configuration when you set up Single Sign On (SSO) for Microsoft 365 in JumpCloud, you can use the commands provided in this article&nbsp;with the Microsoft Graph PowerShell SDK.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Make sure modern authentication is enabled for the Microsoft&nbsp;365 Tenant. Learn more in&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/enable-modern-authentication-for-m365\">Enable Modern Authentication for Microsoft 365<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Running the command<\/strong><\/h2>\n\n\n\n<ol>\n<li>Run PowerShell as an administrator and install the Microsoft.Graph Module for Windows PowerShell, if it is not already installed:<\/li>\n\n\n\n<li>Modify the PowerShell execution policy:\n<ul>\n<li>Set the Execution Policy to Remote Signed by running Set<kbd>-ExecutionPolicy RemoteSigned<\/kbd><\/li>\n\n\n\n<li>Answer A to confirm the change to the Execution Policy.<\/li>\n\n\n\n<li>Enter your M365 Global Administrator credentials.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Connect to the Microsoft Graph with the required scopes:<\/li>\n\n\n\n<li>Run <kbd>Install-Module PowershellGet<\/kbd><\/li>\n\n\n\n<li>Answer Y to install the NuGet Provider<\/li>\n\n\n\n<li>Answer A to Answer Yes to All to install from PSGallery.<\/li>\n\n\n\n<li>Run <kbd>Install-Module Microsoft.Graph<\/kbd><\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p><br>Connect-MGGraph -Scopes &#8220;Domain.ReadWrite.All&#8221;, &#8220;Directory.AccessAsUser.All&#8221;, &#8220;Organization.ReadWrite.All&#8221;, &#8220;Directory.ReadWrite.All&#8221;<\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>For more information &#8211; see <a href=\"https:\/\/learn.microsoft.com\/en-us\/sharepoint\/find-your-office-365-tenant-id\" target=\"_blank\" rel=\"noreferrer noopener\">Find your Office 365 Tenant<\/a>&nbsp;<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"5\">\n<li>Define your Microsoft 365 Domain:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>$domain=&#8221;yourdomain.tld&#8221;<\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"6\">\n<li>Define the IDP URL, this is the same value as the <strong>IDP URL<\/strong> in the connector, default value shown:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>$idpUrl=&#8221;https:\/\/sso.jumpcloud.com\/saml2\/office365&#8243;<\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"6\">\n<li>Define the SSO metadata URI:\n<ul>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a><\/li>\n\n\n\n<li>Navigate to the <strong>SSO Applications<\/strong> tab<\/li>\n\n\n\n<li>Find and select Microsoft 365<\/li>\n\n\n\n<li>Select the <strong>SSO<\/strong> tab and click <strong>Copy Metadata URL<\/strong><\/li>\n\n\n\n<li>Return to your&nbsp; Powershell window<\/li>\n\n\n\n<li><kbd>$metadataUri<\/kbd> = &lt;<kbd>https:\/\/sso.jumpcloud.com\/saml2\/metadata\/&#8230;<\/kbd>&gt;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Define the logout URL: <\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>$logoutUrl=\u201dhttps:\/\/console.jumpcloud.com\/userconsole\/\u201d<\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"8\">\n<li>Define the public cert:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>This variable can&#8217;t contain &#8212;&#8211;BEGIN CERTIFICATE&#8212;&#8211; and &#8212;&#8211;END CERTIFICATE&#8212;&#8211; and can&#8217;t contain spaces or newlines.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Export the metadata file from your JumpCloud SSO configuration and copy the certificate string between <\/p>\n\n\n\n<p><kbd>&lt;ds:X509Certificate&gt; and &lt;\/ds:X509Certificate&gt;<\/kbd><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>$certificate=&#8221;MIIDtTCCAp2gAwIBAgIJAJUpvv+YllN1MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAlVTMRMwEQY\u2026<br>TRUNCATED\u2026<br>wcsC1lArmug\/\/RG+BPp6yT6qhsm4g4wVcxpHWT8cA1py0TQaIQbNnBqNLDbQJl9oJ3PB9eiKEpEWtdtmcQOW3yB1AdxsQBKxtaNT5PypyLqnJ+e8=&#8221;<\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"9\">\n<li>Define the Issuer URI, this&nbsp;<strong><em>must<\/em><\/strong>&nbsp;be the same value as the <strong>IdP Entity ID<\/strong> previously defined in the JumpCloud SSO configuration:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>$issuerUri=&#8221;https:\/\/YOUR_DOMAIN.com<\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"10\">\n<li>Enable SSO for the defined domain:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>New-MgDomainFederationConfiguration -DomainId $domain -DisplayName \u201cJumpCloud\u201d -MetadataExchangeUri $metadataUri -IssuerUri $issuerUri -SignOutUri $logoutUrl -PassiveSignInUri $idpUrl -ActiveSignInUri $idpUrl -SigningCertificate $certificate -PreferredAuthenticationProtocol saml -FederatedIdpMfaBehavior \u201cacceptIfMfaDoneByFederatedIdp\u201d | Format-List<\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"11\">\n<li>Disconnect from the Graph connection:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>Disconnect-MGGraph<\/p>\n<\/div><\/div>\n\n\n\n<p>Now that you\u2019ve configured the service provider, read&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/sso-with-m365#authorizing-user-sso-access\">SSO with Microsoft 365\/Entra ID<\/a>&nbsp;to learn how to authorize user access and validate authentication workflows.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Troubleshooting<\/h2>\n\n\n\n<div class=\"wp-block-cgb-accordion-faq-wysiwyg gutenberg-accordion\"><a class=\"gutenberg-accordion-header is-type-title-default has-text-night-blue\" href=\"#i_am_getting_an_issueruri_error_\" data-action=\"collapse\">I am getting an issuerUri error.<\/a><div id=\"i_am_getting_an_issueruri_error_\" class=\"gutenberg-accordion-content-container is-collapsible\"><div class=\"gutenberg-accordion-content\">\n<p>Check the <strong>IdP Entity ID<\/strong> value in JumpCloud to the value entered in the $issuerUri command &#8211; it must match exactly and be in a \u201chttps:\/\/domain.com\u201d <strong>or<\/strong> \u201curn:uri:domain.com\u201d format. <\/p>\n<\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>If you need a more advanced configuration when you set up Single Sign On (SSO) for Microsoft 365 in JumpCloud, [&hellip;]<\/p>\n","protected":false},"author":205,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2855,2954,2998,2991,2902],"support_tag":[],"coauthors":[2839],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SSO with M365 - Manual Service Provider Set Up - JumpCloud<\/title>\n<meta name=\"description\" content=\"Use PowerShell to run the Azure Active Directory Module and perform the command to manually set up your alternative SSO service provider.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSO with Microsoft 365 - Alternative Manual Service Provider Set Up Method\" \/>\n<meta property=\"og:description\" content=\"Use PowerShell to run the Azure Active Directory Module and perform the command to manually set up your alternative SSO service provider.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-25T18:45:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"joyjaswinski\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method\",\"url\":\"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method\",\"name\":\"SSO with M365 - Manual Service Provider Set Up - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-06-17T01:48:09+00:00\",\"dateModified\":\"2024-06-25T18:45:58+00:00\",\"description\":\"Use PowerShell to run the Azure Active Directory Module and perform the command to manually set up your alternative SSO service provider.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SSO with Microsoft 365 &#8211; Alternative Manual Service Provider Set Up Method\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SSO with M365 - Manual Service Provider Set Up - JumpCloud","description":"Use PowerShell to run the Azure Active Directory Module and perform the command to manually set up your alternative SSO service provider.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method","og_locale":"en_US","og_type":"article","og_title":"SSO with Microsoft 365 - Alternative Manual Service Provider Set Up Method","og_description":"Use PowerShell to run the Azure Active Directory Module and perform the command to manually set up your alternative SSO service provider.","og_url":"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method","og_site_name":"JumpCloud","article_modified_time":"2024-06-25T18:45:58+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes","Written by":"joyjaswinski"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method","url":"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method","name":"SSO with M365 - Manual Service Provider Set Up - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-06-17T01:48:09+00:00","dateModified":"2024-06-25T18:45:58+00:00","description":"Use PowerShell to run the Azure Active Directory Module and perform the command to manually set up your alternative SSO service provider.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/sso-with-m365-alternative-manual-service-provider-set-up-method#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"SSO with Microsoft 365 &#8211; Alternative Manual Service Provider Set Up Method"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/91638"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/205"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/91638\/revisions"}],"predecessor-version":[{"id":111976,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/91638\/revisions\/111976"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=91638"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=91638"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=91638"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=91638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}