This article describes the step-by-step process to migrate from the deprecated Office 365 v1 app available from the Centrify App Catalog to the updated Office 365 WS-Fed + Provisioning v2 app.
Applies to: Centrify Identity Service
Users are currently authenticating into Office 365 with version 1 of the Centrify Office 365 app, which required DirSync and only supported WS-Fed functionality. This has since been deprecated and replaced by the newer Office 365 (WS-Fed + Provisioning) app.
How can our organization move from the Office 365 v1 app to the newer Office 365 (WS-Fed + Provisioning) app template with minimal downtime for users?
Although the move from v1 to v2 of the Centrify for Office 365 app should only take a few minutes in practice, it is recommended to also allow enough time for sufficient testing after the migration is complete and to notify end-users that there may be some minor interruptions during the migration window.
To transition from the Centrify Office 365 (Deprecated) app to the newer Office 365 WS-Fed + Provisioning app template, follow the steps below.
1. Back up any policy script modifications and customizations made in the Office 365 v1 app settings and note the current Office 365 admin account details and the currently enabled user access roles. These roles and app settings will need to be manually added to the new app template.
2. Delete the Office 365 (Deprecated) app from the Centrify Admin Portal.
Note: This action will automatically remove domain federation for the Office 365 domain and convert it from the "Federated" to the "Managed" (cloud identity) state. See the following Microsoft article for additional information.
4. On the new Office 365 Application Settings page, configure the application by entering the Office 365 global admin credentials to populate the list of available domains for federation.
5. Locate the domain within the list that was previously federated with the legacy app, right-click the domain entry, and select Federate Domain. The Office 365 domain will now be re-federated and linked to the new app template.
6. Re-enable any User Access roles and any policy script customizations saved from Step 1.
7. Save the app template and verify successful user login to the Office 365 application from the Centrify User portal.
The above steps only migrate the single-sign-on component of Office 365 from the Centrify O365v1 app to the Centrify O365v2 app. There are no changes made to any of the provisioning components (such as Microsoft's Azure AD Connect utility) that handle the importing of Active Directory accounts into Office 365.
If the Microsoft Azure AD Connect (formerly DirSync) software is working as expected and meeting the requirements of the environment, then no further action is needed. (Note: Azure AD Connect was a requirement of O365v1 for provisioning; it is optional in O365v2.)
To also switch from Microsoft Azure AD Connect to Centrify Provisioning, first carefully review the documentation for Centrify Provisioning, then disable AD sync, and only then enable Centrify Provisioning:
Note: Be very careful to NOT have both Microsoft sync software and Centrify Provisioning enabled at the same time. Having two different provisioning engines trying to import users from the same source into the same Office 365 tenant can lead to unpredictable results. Configuration of multiple synchronization methods is not currently supported by Centrify.
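The federation change in steps 2 and 5 and the directory-sync warning in the note above can both be confirmed from the Microsoft side with read-only queries. The following is an added example, not part of the original article or of Centrify's tooling; it assumes the Microsoft Graph PowerShell module is installed, and the function name, stage labels and `example.com` domain are hypothetical.

```powershell
# Added example: read-only checks; nothing here changes tenant configuration.
# Assumes the Microsoft.Graph.Identity.DirectoryManagement module is installed.
function Test-O365MigrationStage {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        # Hypothetical labels: AfterDelete = after step 2, AfterFederate = after step 5.
        [Parameter(Mandatory)] [ValidateSet('AfterDelete', 'AfterFederate')] [string] $Stage
    )

    $domain = Get-MgDomain -DomainId $DomainName -ErrorAction Stop
    $org    = Get-MgOrganization | Select-Object -First 1

    # Deleting the v1 app should leave the domain Managed; step 5 should make it Federated again.
    $expected = if ($Stage -eq 'AfterDelete') { 'Managed' } else { 'Federated' }

    # The issuer URI shows which identity provider the domain currently trusts.
    $issuer = $null
    if ($domain.AuthenticationType -eq 'Federated') {
        $fed    = Get-MgDomainFederationConfiguration -DomainId $DomainName | Select-Object -First 1
        $issuer = $fed.IssuerUri
    }

    if ($domain.AuthenticationType -ne $expected) {
        Write-Warning "$DomainName is '$($domain.AuthenticationType)', expected '$expected' at stage $Stage."
    }
    if ($org.OnPremisesSyncEnabled) {
        # Microsoft directory sync is on for this tenant. Whether Centrify Provisioning
        # is also enabled cannot be read here; check that in the Centrify Admin Portal.
        Write-Warning 'Microsoft directory sync is enabled; do not enable Centrify Provisioning while it is on.'
    }

    [pscustomobject]@{
        Domain             = $DomainName
        Stage              = $Stage
        AuthenticationType = $domain.AuthenticationType
        MatchesExpected    = ($domain.AuthenticationType -eq $expected)
        IssuerUri          = $issuer
        DirSyncEnabled     = [bool]$org.OnPremisesSyncEnabled
        LastDirSync        = $org.OnPremisesLastSyncDateTime
    }
}

# 'example.com' is a placeholder; substitute the tenant's federated domain.
Connect-MgGraph -Scopes 'Domain.Read.All', 'Organization.Read.All'
Test-O365MigrationStage -DomainName 'example.com' -Stage AfterFederate
```

Run it with `-Stage AfterDelete` right after step 2 and with `-Stage AfterFederate` after step 5; comparing `IssuerUri` with the value recorded before the migration shows whether the domain now trusts the new app.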