You must prepare your Office 365 domain for Application Manager. If the domain is managed, you must convert it to federated.

1

Using the Microsoft Online Service Module in Power Shell, run a cmdlet such as the following:

Set-MsolDomainAuthentication 
–DomainName domain_name
–Authentication Federated 
–IssuerUri horizon_org_name
-FederationBrandName Federation_server_name
-PassiveLogOnUri https://host:port/SAAS/API/1.0/POST/sso
-LogOffUri https://login.microsoftonline.com/logout.srf
-ActiveLogOnUri https://host:port/SAAS/API/1.0/wsfed/services/active/usernamemixed?org=Tenant name
-MetadataExchangeUri https://host:port/SAAS/API/1.0/wsfed/services/mex/wsfedmex
-SigningCertificate SAML signing cert from Application Manager
Replacing the cmdlet Variables

Line of cmdlet

cmdlet Variable or Variables

Replace with

–DomainName

domain_name

Your organization domain name, such as example.com.

–IssuerUri

horizon_org_name

The short tenant (also referred to as "organization") name used in Application Manager, such as example where example.horizonmanager.com is your fully qualified tenant name in Application Manager.

-FederationBrandName

Federation_server_name

The fully qualified tenant name, such as example.horizonmanager.com.

-PassiveLogOnUri

host and port

The fully qualified tenant name and the SSL port, such as example.horizonmanager.com and 443

-ActiveLogOnUri

host, port, and Tenant name

The fully qualified tenant name, the SSL port, and the short tenant name, such as example.horizonmanager.com, 443, and example.

-MetadataExchangeUri

host and port

The fully qualified tenant name and the SSL port, such as example.horizonmanager.com and 443

-SigningCertificate

SAML signing cert from Application Manager

The Application Manager signing certificate. Navigate through the following path using the Application Manager Administrator Web interface, Admin > Settings > SAML Certificate, copy the Signing Certificate, excluding “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----,” and paste it as the value for -SigningCertificate

2

Run the following cmdlet to list the values you sent to Office 365:

Get-MsolDomainFederationSettings -DomainName domain_name

The preceding command lists the values you provided to Office 365 using the Set-MsolDomainAuthentication cmdlet.

3

Verify that the values listed by the Get-MsolDomainFederationSettings cmdlet match the values you intended to input with the Set-MsolDomainAuthentication cmdlet.

Synchronize the Active Directory instance that you use with Application Manager with the Microsoft Office 365 service. See Synchronize Active Directory with Microsoft Office 365.