Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Integrate Skyhigh CASB for Office 365 with PingFederate SSO and SAML 2.0

You can configure Skyhigh CASB to work with Microsoft Office 365 with PingFederate SSO.  This guide shows how to integrate when using SAML 2.0 with Office 365 and Ping. If you use WSFED / SAML 1.1 then the integration only requires the change of the ACS URL

Prerequisites

Make sure the following prerequisites are in place:

  • Add a Microsoft Office 365 instance to Skyhigh CASB.
  • Create a new domain to federate the Office 365 managed service. For example, "demoXX.us" for PingFederate. 

Configure PingFederate

  1. Under IdP Configuration, add a new IdP Adapter instance named FormAdapter.
    ping_365_1.png
  2. Create a new SP connection, where:

NOTE: Save the SSO Application Endpoint for future reference. 

ping_365_2.png

  1. Export the IdP certificate from IdP Configuration > SP Connections > urn:federation: MicrosoftOnline > Digital Signature Settings > Manage Settings > Export.

ping_365_3.png

ping_365_4.png

ping_365_5.png

ping_365_6.png

Configure Skyhigh CASB

  1. Go to Settings > Service Management and select your Microsoft Office 365 instance. 
  2. On the Setup tab, under Proxy, click Continue
  3. Click Configure SAML
  4. Upload the certificate you exported from PingFederate. 
  5. Save SAML Settings
  6. Download the Powershell Script and export the script after entering the required domain name. For example, the Domain name is the federated domain such as skyhighdemoXX.net or shnpocdemo.com.
  7. Save the script to a Windows machine as SAMLScript.ps1.
  8. In a text editor, edit the script to add in the following variables:
  9. Open a PowerShell window and run the command: Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
  10. Run the script from the PowerShell window twice.
    • First without the proxy to verify that PingFederate and O365 work together: .\SAMLScript.ps1 -federateWithoutProxy $True
    • Then run the script with the proxy: .\SAMLScript.ps1
      ping_script.png

Test SSO with PingFederate for Office 365

  1. Log in to your Office 365 RP URL https://<office RP>. 
  2. Enter the Office 365 credentials. The page should redirect to your PingFederate login. 
  3. After entering the Ping credentials, you are redirected to your Office 365 RP page. 
  • Was this article helpful?