Installation
Specops Authentication for O365 relies on the on-premises component Specops Gatekeeper to manage users in Active Directory. Refer to Install Specops Authentication Gatekeeper for the installation instructions.
In addition to the installation, Specops Authentication for O365 requires some preparation and post-installation steps. Refer to the following sections for details.
Preparations
The following preparation steps must be completed before installing Gatekeeper.
Provisioning to O365
- An O365 account with global administrator rights on Microsoft Entra ID: You can purchase an O365 account or register for an Enterprise Free trial account from: https://www.office.com/?cosmicflight=cosmicredirect
- A valid domain name with access and edit rights on your domain host. Note: You cannot use the default *.onmicrosoft.com domain.
Before you begin
- Enable modern authentication in O365. This should be done for Exchange Online and Skype for Business Online (if used).
  - For Exchange Online, see Enable or disable modern authentication for Outlook in Exchange Online.
  - For Skype for Business Online, see Skype for Business Online: Enable your tenant for modern authentication.
- If your O365 implementation is using ADFS or another identity provider, you will need to de-federate the domain you want to federate with Specops Authentication.
Post-installation
The following post-installation steps must be completed after Gatekeeper has been installed.
- Create a Specops Authentication GPO:
  - In the Selected GPOs section of the Gatekeeper, tag the GPOs you want to use with Specops Authentication. Affected users can have their authentication, provisioning, and license settings configured from the Specops Authentication web.
  - Click Tag GPOs, select the Group Policy, and click OK. Alternatively, if you want Specops Authentication to be applied to the scope selected during the Gatekeeper installation, skip this step, and select Cloud in the last step when configuring Specops Authentication with O365.
- Enable Windows Integrated Authentication.
Uninstall Specops Authentication
To uninstall Specops Authentication, complete the steps in this section.
In Specops Authentication:
- To remove your customer account, please contact Specops Support.
- Uninstall the Gatekeeper from Programs and Features.
In Microsoft Entra ID:
- Find the federation settings for the federated domain and change the authentication settings to Domain Authentication. You can do this using PowerShell.
- Browse to Enterprise Applications, All applications, Specops Authentication, and click Delete.
- Remove the Specops Exchange Sync Account (for example, specopsexchangeadminXXXX@domain.onmicrosoft.com).
PowerShell commands:
To turn off federation for a domain (set it to Managed), use this cmdlet:
This command will turn off single sign-on and multi-factor authentication with Specops Authentication. If you want to remove more information, continue to the next command.
Set-MsolDomainFederationSettings -DomainName yourdomain.com -IssuerUri "" -FederationBrandName "" -LogOffUri "" -SigningCertificate ""
To remove the domain, and all users associated with the domain, use these cmdlets:
For more information, see MSOnline.
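The following read-only check is an added example, not part of the Specops documentation. It uses the MSOnline module referenced above to report each domain's authentication mode and any issuer URI still configured, so you can confirm the result of the steps in this section. The function name Get-DomainFederationState is hypothetical, and yourdomain.com is the placeholder used on this page.

```powershell
# Added example: report the authentication mode of tenant domains (read-only).
# Assumes the MSOnline module is installed and you sign in as a global administrator.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in

function Get-DomainFederationState {
    param(
        # Optional: limit the check to specific domains; default is every domain in the tenant.
        [string[]]$DomainName
    )

    $domains = if ($DomainName) {
        $DomainName | ForEach-Object { Get-MsolDomain -DomainName $_ }
    } else {
        Get-MsolDomain
    }

    foreach ($d in $domains) {
        # Query federation settings for every domain so leftover values are visible
        # even when the domain already reports Managed.
        $fed = Get-MsolDomainFederationSettings -DomainName $d.Name -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Domain          = $d.Name
            Authentication  = $d.Authentication          # Managed or Federated
            StillFederated  = ($d.Authentication -eq 'Federated')
            IssuerUri       = $fed.IssuerUri
            LogOffUri       = $fed.LogOffUri
            HasSigningCert  = -not [string]::IsNullOrEmpty($fed.SigningCertificate)
        }
    }
}

# Check the domain that was federated with Specops Authentication (placeholder name).
Get-DomainFederationState -DomainName yourdomain.com | Format-Table -AutoSize

# Review the whole tenant and list only domains that are still federated.
Get-DomainFederationState | Where-Object StillFederated | Format-Table -AutoSize
```

A domain that still shows Federated, or still has an issuer URI or signing certificate, has not been fully returned to Domain Authentication.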
Uninstall local components
To uninstall local components, refer to Uninstalling Specops Authentication.