Problem: Connection fails when activating SSO for Office 365 with the PowerShell script

Problem:

The PowerShell script downloaded from the wizard shows an error.

Investigation:

You should have two domains in your Azure account under ‘Azure Active Directory’ → ‘Custom Domain Names’: the automatically generated ‘…onmicrosoft.com’ domain and another, external DNS domain. Both need to be verified.
The external DNS domain must then be specified in the wizard.

Explanation:

These .onmicrosoft.com domains only work within Azure. For Single Sign-On from an external Identity Provider, an external, verified domain is mandatory.
The scenario supported by the connector: UCS users are synchronized into the Azure Active Directory, but the user password is not transmitted, so the password does not leave the UCS domain. The authentication of the user then takes place via SSO at the UCS domain. This central part cannot be reconfigured; the synchronization of password hashes is not supported.

Solution:

How to verify the external domain is described here:

Note: if you already have users in Azure

The Office 365 Connector works in such a way that users created in UCS are synchronized to Azure. At the moment there are no plans to connect to existing users. How to connect manually is described here:
