End-User Flow

The sign-in experience for an end user differs based on the user's location and the device used to access Office 365 services.

Access through Outlook client (SP Initiated SSO)

Cloud Secure requires a Microsoft Office 2013 or 2016 client to provide SSO access to email through modern authentication. In the Office 2016 client, Microsoft added support for modern authentication (web browser SSO), and it is enabled by default. Earlier versions of the Outlook client support only the ECP profile for SAML exchanges.

Follow the steps below to enable modern authentication in Office 2013 clients on the Windows platform:

1. Update the Office 2013 client to obtain the update that includes the new Azure Active Directory Authentication Libraries (ADAL) based authentication features.

2. Set the following registry keys.

| Registry Key | Type | Value |
|---|---|---|
| HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL | REG_DWORD | 1 |
| HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version | REG_DWORD | 1 |

End users are usually not recommended to change the registry settings.
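Because end users are not expected to edit the registry themselves, an administrator can audit and apply the two values listed above with a script. The following is an added example, not vendor code; the function name `Set-Office2013ModernAuth` and its `-AuditOnly` switch are assumptions made for illustration.

```powershell
# Added example (not vendor code). Function and parameter names are assumptions.
function Set-Office2013ModernAuth {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$AuditOnly   # report the current state without writing
    )

    # Key path, value names, type and data are the ones listed in the table above.
    $keyPath = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'
    $wanted  = [ordered]@{ EnableADAL = 1; Version = 1 }

    # Returns $true only when the value exists, is a REG_DWORD and holds the expected data.
    $isCompliant = {
        param($name, $expected)
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if (-not $key -or ($key.GetValueNames() -notcontains $name)) { return $false }
        ($key.GetValueKind($name) -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
            ($key.GetValue($name) -eq $expected)
    }

    foreach ($name in $wanted.Keys) {
        $expected = $wanted[$name]
        $before   = & $isCompliant $name $expected

        if (-not $before -and -not $AuditOnly -and
            $PSCmdlet.ShouldProcess("$keyPath\$name", "Set REG_DWORD to $expected")) {
            if (-not (Test-Path -Path $keyPath)) {
                New-Item -Path $keyPath -Force | Out-Null
            }
            # -Force overwrites a value that exists with the wrong type or data.
            New-ItemProperty -Path $keyPath -Name $name -PropertyType DWord `
                -Value $expected -Force | Out-Null
        }

        # Re-read after any write so the report reflects what is actually in the registry.
        [pscustomobject]@{
            Name            = $name
            Expected        = $expected
            CompliantBefore = $before
            Compliant       = (& $isCompliant $name $expected)
        }
    }
}

# Audit the current user's profile; drop -AuditOnly (or add -WhatIf) to remediate.
Set-Office2013ModernAuth -AuditOnly
```

The values live under HKCU, so the script has to run in the context of the user whose Outlook profile is being configured.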

The steps below need to be performed once to set up the Outlook client to access emails:

1. Add the email account in the Outlook client by navigating to File > Add Account (on Windows) or Tools > Accounts (on Mac). Provide only the name and email address (without password) and click Next. In the latest version of the Outlook client, provide only the email address.

2. The Outlook client starts searching for server settings. Once the details are obtained, a new browser window opens and is redirected to the Ivanti Connect Secure login page.

3. Provide user credentials and click ‘Sign In’ to authenticate with Ivanti Connect Secure.

4. After successful authentication with Ivanti Connect Secure, SAML SSO is triggered and the email account is added to Outlook.

Access through browser (SP Initiated SSO)

1. Open a web browser and access the Microsoft login URL “https://login.microsoftonline.com/”.

2. Provide the email address and press Tab. The browser is automatically redirected to the Ivanti Connect Secure login page.

3. Provide credentials in the user login page to authenticate to Ivanti Connect Secure.

4. After successful authentication, the user is redirected to ADFS, which in turn redirects to the Microsoft Office 365 portal site, giving access to Office 365 services.

If the client has an existing VPN connection to Ivanti Connect Secure, the same session is reused, providing seamless SSO without asking for credentials.

Access through Ivanti Connect Secure/Ivanti Connect Secure bookmark (IdP Initiated SSO)

1. Open a web browser and access the Ivanti Connect Secure external URL (for example, https://sso.ivanti.com).

2. Provide credentials in the user login page to authenticate to Ivanti Connect Secure.

3. Once authenticated, click the Office 365 Web Bookmark on the homepage.

4. Single sign-on takes place and the user is redirected to ADFS, which in turn redirects to the Microsoft Office 365 portal site, giving access to Office 365 services.