Configure Domain Federation in Entra ID
The Integration Details page shows important information about the SAML integration:
- Connection Details lists the credentials and URLs that may be needed when configuring Specops Authentication as the identity provider in the service provider's system.
- Domain federation setup scripts lists the PowerShell commands that can be used to configure domain federation and designate Specops Authentication as your identity provider in Microsoft Entra ID. To set up federation, see Configure Domain Federation.
- Signing certificates lists the certificates automatically created for the application. When a certificate is close to expiring, you can rotate it to generate a new certificate. For information, see Rotate a Signing Certificate.
Configure Domain Federation
When you configure federation with Specops Authentication for a domain in Microsoft Entra ID, all users in that domain are affected. If you are testing this configuration, consider using a test domain. Federation changes can take 2 to 3 hours to take effect, and users may experience an outage during that time.
To configure federation:
- Scroll down to the Domain federation setup scripts section on the Integration Details page.
- Copy the Connect-MgGraph -Scopes "Domain.ReadWrite.All" command, run it in PowerShell, and authenticate as an administrator for your tenant.
- Copy the entire New-MgDomainFederationConfiguration command, replace [MY_DOMAIN] with your actual domain name (for example, "mydomain.com"), and run the command. Federation is now enabled on the domain and Specops Authentication is configured as the SAML identity provider in Microsoft Entra ID. When users on this domain try to authenticate with Microsoft, for example on office.com, they will be redirected to Specops Authentication.
  Note: Users may still be asked to set up Microsoft Authenticator after authenticating the first time, if Security defaults are enabled in Microsoft Entra ID. This can be disabled by configuring Conditional Access instead.
  Also see Set up a trust between your SAML identity provider and Microsoft Entra ID.
- When finished, click Close.
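A read-only check that can be run after the steps above, added here as an example and not taken from the Specops documentation. It assumes the Microsoft Graph session from the Connect-MgGraph step is still open; the bracketed values are placeholders to fill in from the generated setup command, and the 30-day threshold is an arbitrary choice.

```powershell
# Added example: confirm that the domain is federated with the expected identity provider.
# All values in this block are placeholders or assumptions; replace them with your own.
$DomainId       = '[MY_DOMAIN]'             # same domain used in the setup command
$ExpectedIssuer = '[EXPECTED_ISSUER_URI]'   # issuer value from the generated setup command
$ExpectedSignIn = '[EXPECTED_SIGN_IN_URL]'  # sign-in URL from the generated setup command
$WarnDays       = 30                        # assumed warning threshold for certificate expiry

$findings = New-Object System.Collections.Generic.List[string]

# 1. The domain should be verified and report Federated authentication.
$domain = Get-MgDomain -DomainId $DomainId -ErrorAction Stop
if (-not $domain.IsVerified) { $findings.Add('Domain is not verified') }
if ($domain.AuthenticationType -ne 'Federated') {
    $findings.Add("AuthenticationType is '$($domain.AuthenticationType)', expected 'Federated'")
}

# 2. Exactly one federation configuration should exist and point at the expected IdP.
$configs = @(Get-MgDomainFederationConfiguration -DomainId $DomainId -ErrorAction Stop)
if ($configs.Count -ne 1) {
    $findings.Add("Found $($configs.Count) federation configurations, expected 1")
}
foreach ($cfg in $configs) {
    if ($cfg.IssuerUri -ne $ExpectedIssuer) {
        $findings.Add("Unexpected IssuerUri: $($cfg.IssuerUri)")
    }
    if ($cfg.PassiveSignInUri -ne $ExpectedSignIn) {
        $findings.Add("Unexpected PassiveSignInUri: $($cfg.PassiveSignInUri)")
    }
    if ($cfg.PreferredAuthenticationProtocol -ne 'saml') {
        $findings.Add("Protocol is '$($cfg.PreferredAuthenticationProtocol)', expected 'saml'")
    }

    # 3. Decode the Base64 signing certificate and check how long it remains valid.
    if ([string]::IsNullOrWhiteSpace($cfg.SigningCertificate)) {
        $findings.Add('No signing certificate is set')
        continue
    }
    $bytes = [Convert]::FromBase64String($cfg.SigningCertificate)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    Write-Output "Signing certificate $($cert.Thumbprint) expires $($cert.NotAfter) ($daysLeft days)"
    if ($daysLeft -lt $WarnDays) {
        $findings.Add("Signing certificate expires in $daysLeft days; plan a rotation")
    }
}

# 4. Report the result.
if ($findings.Count -eq 0) { Write-Output "OK: $DomainId matches the expected federation settings" }
else { $findings | ForEach-Object { Write-Warning $_ } }
```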