Office 365 Single Sign On Tutorial

Flatter Files can be integrated with Office 365 such that users will login to Flatter Files by logging into their Office 365 account. This simplifies the management of passwords for users, improves security, and allows you to give bulk access to user groups in your Office 365 directory without having to manually create each individual user account in Flatter Files. When a new user logs into Flatter Files for the first time using Office 365, all existing Flatter Files Admin accounts will receive an email at which point the Admin can update the users settings as appropriate. If a user is removed from your Office 365 directory they will also automatically no longer be able to access Flatter Files.

In addition to Single Sign On integration, Office 365 can be used for sending emails such that the resulting emails come directly from the user’s Office 365 account which improves delivery of the emails and improves company branding. For details on how to send emails using Office 365 please visit this link.

Prerequisites:

  1. Administrator access to your Flatter Files account.
  2. Administrator access to your companies Office 365 account.
  3. An Administrator account that uses an email address for the login that is different from your companies email domain. Once your account is configured for Single Sign On through Office 365 you must login using this method if the user’s email matches the domain configured. Thus, if a mistake occurs then it is easy to get locked out of your account. To prevent this, manually add a gmail or other generic email address to your account as a admin until the process is completed and verified to work correctly.
  4. Send an email to [email protected] to let us know the domain you plan to use for your account. We must approve the domain usage by manually adding it to a list of acceptable domains that will be used for single sign on for the configuration to work.

1. Login to Office 365 and access the Office Admin Center

The first step is to sign in to Office 365 as an administrator such that you can enable Office 365 to work with Flatter Files. The steps below show you how to sign in and access the Office Admin Center.

  • Go to office.com and click sign in.
  • Login to access your Office 365 account with an Administrator user account.
  • Once logged in as an Administrator you should see something similar to the image below.
Office 365 Home Page
  • Click the Admin tile which will take you to the Office Admin Center as shown below.
Office 365 Admin Center

2. Access the Azure AD Admin Center

The Azure Active Directory Admin Center is where you will configure your online directory to be used by Flatter Files. Access this directory by following the instructions below.

  • From the Office Admin Center, expand the Admin Centers option on the left navigation menu.
  • This will list all of the specific Admin Centers for the various Office 365 products.
Azure Home
  • Click to navigate to the Azure AD Admin Center.
  • The resulting Azure AD Admin center (Classic Portal) is shown below.
Azure Home
  • WARNING: If you are redirected to the new portal which looks very different, then you will need to switch to the Classic Portal.
  • The new portal as of summer 2017 cannot be used to add Flatter Files to your directory due to an issue in the new portal when adding any application.
  • If you add the application using the new portal then Flatter Files initiated logins will not work and you will have to remove the application and then add the application again using the Classic Portal.
  • To switch to the Classic Portal, click the Azure Active Directory menu option and then click the option to go to the Classic Portal as shown in the image below.
Switch to classic portal

3. Add Flatter Files as an application for your directory

When you login using Single Sign On, Flatter Files will request the appropriate authentication from Azure Active Directory. For this to work, you must add Flatter Files as an application that your directory is authorized to communicate with.

  • Click the “Applications” link in the middle of the page as shown by a red array in the image above.
  • At the bottom of the page, click the “Add” option as shown below.
Office 365 Enterprise Applications
  • This should display the image shown below.
  • Click the option to “Add an application from the gallery.”
Office 365 Flatter Files Listing
  • At the top right, enter “Flatter Files” into the search box and click enter as shown below.
Office 365 Flatter Files Listing
  • You must now enter a display name as shown at the bottom of the image above. Unfortunately there is a bug in the portal such that this display name is not typically shown. To make it appear, click on the Flatter Files entry in the search results, then click tab until the Display name option is shown.
  • Enter “Flatter Files” as the display name.
  • Click the check mark at the bottom right.

4. Configure Single Sign On

Flatter Files has now been added as an application to your directory. You will now obtain the SSO settings that will be used to configure Flatter Files to connect correctly to your Azure Active Directory account.

  • The image shown below should now be shown which is the Application page for Flatter Files in your Azure Active Directory.
Application Added
  • Click the “Configure single sign-on” large green button.
  • The image below will be displayed. Click the first option to use Microsoft Azure AD Single Sign-On.
SAML Config 1
  • Click the arrow at the bottom right to proceed to the next page.
SAML Config 1
  • Click the arrow again to skip the page shown above and proceed to the page shown below.
  • Click the “Download certificate” option (1). This file will be used in the next step.
  • Copy and save the Single Sign-On Service URL (2) which will be used in Step 6.
  • Enable the option to confirm that Single Sign-On has been configured (3).
  • Click the arrow at the bottom right to proceed to the next page (4).
SAML Config 1
  • Enter your email address for the notification email input.
  • Click the check mark at the bottom right to complete the
SAML Config 1

5. Convert Certificate

To use the certificate that was downloaded in the previous step, you must convert it to a base 64 text value. This can be done very easily in Windows without any additional softare. The steps are detailed below.

  • Open the .cer file that was downloaded in the previous step by simply double clicking it. Once opened, the image below on the left will be shown.
SAML Cert 1
  • Click the Details tab to display the image above on the right.
  • Then click the Copy to File… button that is on the Details tab.
  • This will display a wizard to help you export the correct file type.
  • Click Next and then select the Base 64 option as shown below.
SAML Cert 3
  • Click next and then browse to a location and filename that you can easily locate.
  • Once this files has been saved, right click the file, navigate to “Open with” and then select “Choose another program.”
  • Select Notepad or other similar text editor to open the exported file.
  • Copy the text in this file between the BEGIN CERTIFICATE and END CERTIFICATE.

6. Login to Flatter Files and input SAML Settings

Now that you have added Flatter Files to your Azure Active Directory (Step 3), obtained the Single Sign-On URL (Step 4), and converted the certificate (Step 5) it is time to enter this information into Flatter Files.

  • Login into Flatter Files using an Administrator user account.
  • Navigate to Dashboard (1) > Settings (2) > Company Settings (3) as shown below.
Company Settings
  • Enable the option “Use SAML 2.0 for Authentication” (4).
  • Click the button “Configure SAML” (5) which will display the window shown below.
Company Saml Settings
  • Enter your companies email domain, in the example above I am using flatterfiles.net

The domain entered must be sent to [email protected] for approval. If it has not been added to the approval list then when you click Submit below to update your settings an error message indicating this issue will be shown.

  • Copy and paste the Single Sign On URL from Step 4 into the input named Identify Provider URL.
  • Copy and paste the text from the certificate obtained in Step 5 into the input named Identity Provider Certificate.
  • Click Update to save the SAML settings.

Flatter Files will now redirect all email addresses that use the specified domain to Office 365 for authentication. Existing users Flatter Files passwords will no longer be useful since it is no longer possible to login directly to Flatter Files using those credentials. Although everything is now configured, you must on a per user basis assign the user to having access to Flatter Files which is detailed in the next step.


7. Assign Users to the Flatter Files Application in Azure

For a user to be able to access Flatter Files when using Office 365 credentials, you must assign Flatter Files as an application that they are allowed to access from within the Azure portal. The process for assigning a single user is shown below. Ideally you will assign users in bulk.

  • Return to Azure Portal where you left off in Step 4. The image below should be shown.
Office 365 Flatter Files Listing
  • Click the “Users” option to display the image shown below.
  • Select a user or users and then click the “Assign” button at the bottom.
Office 365 Flatter Files Listing
  • The users assigned should now be able to access Flatter Files using Single Sign On using their Office 365 credentials.

8. Login to Flatter Files from flatterfiles.com

There are two ways to login to Flatter Files once SSO is enabled, from the Flatter Files website and directly from your Office 365 home page. The steps below show how to login to Flatter Files from the website. To login directly from the Office.com portal please see Step 9 for details.

  • To login from the Flatter Files website, simply navigate to flatterfiles.com and then click Login at the top right.
  • Assuming you are not already logged into Flatter Files a login prompt should be displayed. Click the blue button “Login w/SSO” which will display the page below.
Office 365 Flatter Files Listing
  • Enter your email address and then click Submit.
  • This will send a request to Office 365 to verify your identity. If necessary, Office 365 will prompt you to login. Once completed you will be redirected to the Flatter Files web application.
  • Flatter Files mobile applications and Uploader also support this SSO login via Office 365 and works very similarly.

It is possible to simplify this SSO login process by creating a company specific link to Flatter Files. Details on how to do this can be found by following this link. The linked tutorial will describe how to create a link that will bypass the process described above and instead will simply redirect you to Office 365 for login.


9. Login to Flatter Files from office.com

The steps below will first show you how to add a shortcut to Flatter Files to your office.com portal. Once the shortcut is added, you will just click the resulting Flatter Files shortcut to automatically login to Flatter Files without any additional login prompt.

  • To login to Flatter Files from the Office 365 portal, navigate to office.com and sign in if necessary.
  • Click the application menu button at the top left of the page to display your Office 365 applications.
  • Click the “All” filter in the menu and then start to type Flatter Files.
  • Once the Flatter Files entry is displayed hover over the entry and click the 3 dots on the right hand side of the entry.
  • This will display the menu shown below.
Office 365 Flatter Files Listing
  • Click the option “Pin to home.”
  • Return to the Home filter in the menu and you should now see the Flatter Files tile listed.
  • If you would like you can drag the tile to a new location in the menu.
Office 365 Flatter Files Listing
  • To access Flatter Files, simply click the tile and you will be automatically logged into Flatter Files and the web application will be loaded.

9. Complete

This tutorial is now complete. Your account should now be integrated with your Office 365 account such that users will login to Flatter Files using their Office 365 credentials. If you have any questions or need additional help please email [email protected].