The SDO service gives users secure, password-free access to Microsoft 365 portals and services. Users log into the console by authorizing the connection through an app on their phone. This article provides the steps needed to enable the SDO service for Microsoft 365 and federate the domain that SDO will use for access.
Before you begin: The Microsoft 365 integration with SDO should be performed using a Global Admin with the native *.onmicrosoft.com domain local to the tenant. If you do not have a .onmicrosoft.com Global Admin user and need assistance in creating one, please contact our Support Team.
If you plan on integrating SDO with Microsoft 365 services and an external or on-premises Active Directory, we highly recommend configuring AD Connect between the two platforms before adding the SDO integration for those services.
More information on Azure AD Connect can be found in the following Microsoft article:
Set up directory synchronization for Microsoft 365
Primary Domain Considerations
Accessing the Microsoft 365 environment through SDO requires the federation of a domain with SDO. Once a domain is federated, users logging into any Office 365 account with that domain will automatically be redirected to the SDO platform to authorize their login via the Authenticator App. In most cases, a company will opt to federate their primary domain so that users can log in with the same address where they receive email. When the primary domain is federated with SDO, all users who log into Microsoft 365 using their primary email address will automatically be directed to the SDO login, which will prompt the Authenticator App to authorize the login.
The authentication domain must be unfederated before proceeding with the configuration steps below.
If your preference or company needs necessitate keeping the primary domain unfederated or federated with a different source, it is possible to use an Intermediary Domain for SDO Authentication. Please contact our Support Team for assistance with setting up SDO with an Intermediary Domain.
Enabling SDO for Office 365
- In the Control Panel, click on My Services from the left-hand menu.
- Click on the Secret Double Octopus vendor band to expand it.
- Under the expanded vendor band, click on the Services tab.
- Click on the Microsoft Office 365 service.
- Select your primary domain from the Domain drop-down field.
- Click the Activate Microsoft Office365 button.
- Under the Configuration tab, enter your domain.
- Click on the Save button.
Setting up the Microsoft 365 tenant for SDO Authentication
To begin the process of federating your Microsoft 365 Domain, simply click on the Onboarding Wizard button under the Services tab of the Secret Double Octopus Services page. This will launch a guided wizard that will check your tenant for compatibility and complete the federation process.
As a reminder, we recommend the use of a Global Admin in the native *.onmicrosoft.com domain to complete the federation process.
- In the first page of the Wizard, select your primary Domain, Global Admin username, and Global Admin user password. Click the Begin Onboarding button.
- Click the Identify Issues button. The wizard will check for any issues that may prevent the federation of your domain with SDO, such as a login issue with the provided credentials or pre-existing federation to another source. Click the Next button to continue.
- The wizard will check if a change to the default domain in the tenant is required. Click the Next button to continue.
- The wizard will check the users within the tenant for valid refresh tokens. Click the Validate Tokens button to continue.
- Click the Next button to continue.
- The wizard will check the users in the tenant for valid Immutable IDs. Click the Check Immutable Ids button to continue.
- Click the Next button to continue.
- Click the Federate To SDO button to complete the process of federating your custom domain to SDO for authentication.
- Finally, click the Done button to close the onboarding wizard.
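The preconditions named above (an unfederated domain, the default-domain check, and Immutable IDs) can also be reviewed independently before launching the wizard. The following read-only script is an added example, not part of the SDO product or its wizard; it assumes the Microsoft Graph PowerShell module is installed, and contoso.com is a placeholder for your own domain. It does not cover the wizard's refresh token check.

```powershell
# Added example: read-only pre-flight review before federating a domain.
# Assumptions: Microsoft Graph PowerShell SDK is installed; 'contoso.com'
# is a placeholder domain, not a value from this article.
param([string]$Domain = 'contoso.com')

# Read-only scopes are enough for this review.
Connect-MgGraph -Scopes 'Domain.Read.All', 'User.Read.All' | Out-Null

$d = Get-MgDomain -DomainId $Domain
$findings = @()

if (-not $d.IsVerified) {
    $findings += "Domain $Domain is not verified in this tenant."
}
# The article requires the authentication domain to be unfederated first.
if ($d.AuthenticationType -ne 'Managed') {
    $findings += "Domain $Domain is already '$($d.AuthenticationType)'; unfederate it first."
}
# The wizard checks whether the tenant default domain must be changed.
if ($d.IsDefault) {
    $findings += "Domain $Domain is the tenant default domain; expect the default-domain step."
}

# Users who sign in with this domain, filtered client-side to keep the query simple.
$users = Get-MgUser -All -Property Id, UserPrincipalName, OnPremisesImmutableId |
    Where-Object { $_.UserPrincipalName -like "*@$Domain" }

# Users with no Immutable ID; the wizard's Immutable ID check applies to these.
$missing = @($users | Where-Object { [string]::IsNullOrEmpty($_.OnPremisesImmutableId) })
if ($missing.Count -gt 0) {
    $findings += "$($missing.Count) user(s) in $Domain have no Immutable ID."
}

[pscustomobject]@{
    Domain             = $d.Id
    AuthenticationType = $d.AuthenticationType
    IsDefault          = $d.IsDefault
    UsersInDomain      = @($users).Count
    MissingImmutableId = $missing.UserPrincipalName
    Findings           = $findings
} | Format-List

Disconnect-MgGraph | Out-Null
```

Running the same script after the wizard completes should show the domain's AuthenticationType as Federated, which gives you a record of the change outside the Control Panel.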