Secureframe offers an integration with Microsoft Office 365 to seamlessly pull in users and associated data and authorizes your users to sign-in via Office365 OAuth.

There is no additional cost for connecting this Office 365 integration and does not require domain verification.

Setup & Configuration

1. To integrate Office 365 with Secureframe, first click on the Integrations page using the left hand navigation
2. Search for Office 365 under the Available Integrations tab or click on the Business Suite category.
3. Click Connect and follow the detailed steps in the connection form.
4. Determine whether or not you want to include guest and unlicensed account in the data being pulled into Secureframe.

Note: If your company is using an SSO IdP to sign-in to Secureframe, you can restrict users from signing in via Office365 OAuth on the Single Sign-on tab in Company Settings.

Learn more about the various sign-in options Secureframe offers here.

Permissions, Fields, Controls, Automated Tests

1. Click the provided link or navigate to the “Integration” page.
2. Select the “Available” tab.
3. Search for the integration.
4. Click “View Details”.

Microsoft GCC High Login

Secureframe now supports sign-in with Microsoft GCC High, enabling access for customers in Microsoft 365 Government environments, including Government Community Cloud (GCC) High tenants.

This means that once your organization is integrated with Office 365, users from Commercial, GCC, and GCC High environments can all sign in using their Microsoft credentials via Secureframe’s login page.

No additional configuration is required beyond setting up Microsoft SSO with your Azure tenant. 

Frequently Asked Questions (FAQ)

Does Secureframe support Microsoft GCC High logins?

• Yes, Secureframe supports sign-in with Microsoft GCC High.

A specific users has access to O365, but not reflected in Secureframe?

• If your O365 connection is configured to exclude guest and unlicensed accounts, then non-member accounts will not be pulled into the platform. Once you add them as a member, and with the next integration sync, the account should get pulled into the platform.

I have MFA enabled (MS Authenticator) but the Multi-factor authentication for business suite providers (Office 365) is still failing?

• An Azure AD Premium P1 (or higher tier) license is required to pull in MSA information through APIs.
• If the connected Office 365 account does not have that license, please use the "Pass with upload" option on the test.
• 

Can I be a Global Administrator through a group membership?

• No, we currently do not support Global Administrator access through group memberships. To gain Global Administrator privileges, you must be assigned the role directly. If you are currently an admin through a group, please ask your administrator to assign the role to you directly.

Why am I seeing a “Needs admin approval” message when signing in with Microsoft?

• If you're seeing the “Needs admin approval” message when attempting to sign in via Microsoft, it typically means that additional authorization is required for the app to access your Microsoft account. To resolve this, you'll need to complete the reauthorization and consent process. Depending on your Microsoft tenant settings, this may need to be done either by a global administrator or by the individual user.
  • For more information on configuring consent settings, Microsoft provides the following resources:
  • Managing user consent to apps in Microsoft 365
  • Grant tenant-wide admin consent to an application
  • User and admin consent in Microsoft Entra ID
    • If you're unsure how your tenant is configured, we recommend reaching out to your Microsoft 365 administrator for assistance.