To configure Microsoft 365 to use CloudGen Access as its Identity Provider, you need to federate a Microsoft account domain. To federate is to establish authentication and/or authorization trust of your domain with Microsoft. Follow the steps below or see https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp to get started.
It is important to have a fallback method for accessing your Microsoft 365 account to prevent getting locked out (for example, a login with another domain such as onmicrosoft.com, which generally comes with each Microsoft 365 account).
To avoid an endless loop, if you have already created a Microsoft 365 resource, you cannot create a Microsoft OpenID Connect resource. Likewise, if you have already created a Microsoft OpenID Connect resource, you cannot add a Microsoft 365 resource.
CloudGen Access server information to use with domain configuration
You will need the SAML configuration information for Single Sign-On (SSO) configuration.
Log in to your CloudGen Access account.
The SAML configuration is selected from a previously configured SaaS Resource to access Microsoft 365. See Add Resource if this has not yet been completed.
Go to Access > Resources and click View Server Settings under SSO Configuration.
This information will be needed in the Configuring your domain section below.
Configuring your domain
Install PowerShell if not already on your device. Most Microsoft Windows operating systems will already have it.
Open PowerShell in Administrator mode.
Install the MSOnline component with the following command:
$ Install-Module MSOnline
Run the following command:
$ Connect-MsolService
A window to log in to Microsoft appears.
Run the following command to federate your domain authentication to CloudGen Access. Before you do this, be sure you have a way to log in to your Microsoft account with another domain (e.g. onmicrosoft.com) in case the configuration is invalid. Otherwise, you will be locked out of your account.
Authentication Domain to CloudGen Access:
barracuda.com
Select the Microsoft 365 apps that you want to enable and show in the end user portal (app catalog). You can also configure custom URLs for each.
Your Microsoft domain is now being secured by CloudGen Access. You can confirm that the domain is being federated by running the command:
$ Get-MsolDomain
You must set an ImmutableId on each user that matches the NameID that CloudGen Access sends (in this case, the email address):
$ Set-MsolUser -UserPrincipalName [email] -ImmutableId [email]
To check a user's ImmutableId, run:
$ Get-MsolUser -UserPrincipalName [email] | Select-Object ImmutableId
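A read-only check for the ImmutableId step above, as an added example that is not part of the original page or of Barracuda's tooling: it lists users in the federated domain whose ImmutableId is missing or differs from their email address. The function name Test-ImmutableIdMatch, the domain example.com and the sample users are constructed, and it assumes each user's email address equals the UserPrincipalName.

```powershell
# Added example: audit ImmutableId values for users in the federated domain.
# 'example.com' and the sample users below are constructed placeholders.
function Test-ImmutableIdMatch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string] $FederatedDomain
    )
    process {
        $upn = [string]$User.UserPrincipalName
        # Users outside the federated domain (e.g. the onmicrosoft.com fallback
        # login) do not sign in through the IdP, so they are skipped.
        if (-not $upn.EndsWith("@$FederatedDomain", [StringComparison]::OrdinalIgnoreCase)) { return }

        # Assumption: the NameID sent is the email address and equals the UPN.
        # The comparison is exact (case-sensitive), the conservative choice.
        $status = if ([string]::IsNullOrEmpty($User.ImmutableId)) {
            'Missing'
        } elseif ($User.ImmutableId -ceq $upn) {
            'OK'
        } else {
            'Mismatch'
        }

        [pscustomobject]@{
            UserPrincipalName = $upn
            ImmutableId       = $User.ImmutableId
            Status            = $status
        }
    }
}

# Constructed sample objects with the same two properties Get-MsolUser returns.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; ImmutableId = 'alice@example.com' }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com';   ImmutableId = 'constructed-old-value' }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; ImmutableId = $null }
    [pscustomobject]@{ UserPrincipalName = 'admin@example.onmicrosoft.com'; ImmutableId = $null }
)

# Show only the users that still need Set-MsolUser -ImmutableId.
$sample | Test-ImmutableIdMatch -FederatedDomain 'example.com' |
    Where-Object Status -ne 'OK'

# Against the tenant, after Connect-MsolService:
# Get-MsolUser -All | Test-ImmutableIdMatch -FederatedDomain 'example.com' |
#     Where-Object Status -ne 'OK'
```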