- Create a OneLogin account and purchase a plan based on your needs.
- Install the Active Directory Connector. This component is the link between the on-premises Active Directory and Azure Active Directory, which is the directory service for Office 365 and Exchange Online in particular.
- Configure "Desktop SSO".
- Install the OneLogin browser extensions for Internet Explorer (or whatever browser you prefer). This will allow Single Sign On (SSO) for access to Office 365 via the web interface. For Outlook, we must adjust the Outlook profile.
Purchase a OneLogin plan
We can view current OneLogin plans and pricing with this link:
OneLogin - Products and Pricing
Select the number of users at the bottom of the page, then click "Select this plan".
Installation and Configuration of the Active Directory Connector
- The client first logs on to OneLogin (yes, OneLogin) using their on-premises Active Directory credentials.
- OneLogin verifies these credentials with the on-premises Active Directory domain controllers.
- If the credentials are valid, OneLogin opens a session with Office 365.
Here is a summary of the prerequisites. We need:
- .NET 3.5 (only supported version at the time I compose these lines).
- Windows 2003 Server and above
- Open Outbound TCP port 443
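The three prerequisites above can be checked on the server that will host the connector before running the installer. This is an added example, not code from the original post or from OneLogin; the host name is a placeholder (the page does not name the endpoint the connector contacts), and the function names are illustrative.

```powershell
# Added example: pre-flight check for the prerequisites listed above.
# $TargetHost is a placeholder (assumption); replace it with your own
# OneLogin host name before running.
param(
    [string]$TargetHost = 'your-subdomain.onelogin.com',
    [int]$Port = 443,
    [int]$TimeoutMs = 5000
)

function Test-DotNet35 {
    # .NET 3.5 records its installation under this registry key (Install = 1).
    $key  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5'
    $prop = Get-ItemProperty -Path $key -Name Install -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.Install -eq 1)
}

function Test-OsVersion {
    # Windows Server 2003 reports NT version 5.2; anything at or above passes.
    return ([Environment]::OSVersion.Version -ge [Version]'5.2')
}

function Test-OutboundTcp {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    # TcpClient is used instead of Test-NetConnection so the check also runs
    # on older servers with PowerShell 2.0. It tests a direct connection only;
    # an outbound proxy in the path is not exercised.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch {
        return $false   # DNS failure, refused or filtered connection
    } finally {
        $client.Close()
    }
}

$tcpOk = Test-OutboundTcp -HostName $TargetHost -Port $Port -TimeoutMs $TimeoutMs
$results = @(
    New-Object PSObject -Property @{ Check = '.NET 3.5 installed';          Passed = (Test-DotNet35) }
    New-Object PSObject -Property @{ Check = 'Windows Server 2003 or later'; Passed = (Test-OsVersion) }
    New-Object PSObject -Property @{ Check = "Outbound TCP $Port reachable"; Passed = $tcpOk }
)
$results | Select-Object Check, Passed | Format-Table -AutoSize

# A non-zero exit code lets a deployment script stop before the install step.
if (@($results | Where-Object { -not $_.Passed }).Count -gt 0) { exit 1 }
```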
Installing an Active Directory Connector
First, we log on to our OneLogin account:
We then go to Users > Directories:
There are 3 simple steps:
- I name the directory (I'll name mine "MYNET Active Directory")
- Download and execute the ADC application
- Enter the token when requested.
And here is the step where I enter (copy and paste) the Directory Token provided above:
I will use the default port:
And click "Install":
We finish (by default) on the Connector Instances tab. Status should be "Connected":
The OU Selection tab allows us to adjust our choice of OUs to synchronize with OneLogin:
The Directory Attributes tab shows the user attributes that are imported into OneLogin. We can add more if necessary:
The "Advanced" tab offers some additional configuration options:
For example, we can "Synchronize disabled users". If I disable a user (so they can no longer access onsite resources), I would probably also want to limit their access to Cloud-based resources (O365 in this case).