How to onboard "MS Office 365 productivity" apps on SSPM?

Created On 09/05/23 20:10 PM - Last Modified 10/24/24 03:39 AM


Symptom


The article explains how to onboard MS Office 365 productivity apps.

Environment


  • SSPM (SaaS Security Posture Management)
  • SaaS Security


Cause


The SSPM workflow is different from Data Security because SSPM has an L3 connector, for which we use scraping to get the config settings.

Resolution


  • When you onboard Office 365 productivity apps through SSPM, follow the procedure below.
  • Onboarding Office365 - Productivity Apps to Posture Security doesn't support MFA via email or SMS.
  1. Click on SSPM and connect to Office 365 Productivity Apps.
  2. The Office365 - Productivity Apps require the following permission scopes:

 

Permission/Scopes | Purpose
Credentials of Global Admin are required | To access the Admin Center settings.

 

  1. Log in with Username and Password

 

The below information is required to onboard the Microsoft Office 365 - Productivity Apps application using “Log in with Username and Password”.

  1. Username:
    1. Description: An email address of the registered user account with Microsoft.
    2. Purpose: Email is required to log in to the My Apps dashboard.
  2. Password: 
    1. Description: A password of the registered user account with Microsoft.
    2. Purpose: A password is required to log in to the My Apps dashboard.

 

If Okta is being used for authentication, use the following method.

  1. Log in with Okta

 

The below information is required to onboard the Microsoft Office 365 - Productivity Apps application using “Log in with Okta”. (How to configure Okta)

  1. Username:
    1. Description: Username of the registered user account with Okta.
    2. Purpose: A username is required to log in to the Okta dashboard.
  2. Password: 
    1. Description: A password of the registered user account with Okta.
    2. Purpose: A password is required to log in to the Okta dashboard.
  3. Okta subdomain: 
    1. Description: A subdomain of the Okta account. (How to get Okta subdomain)
    2. Purpose: A subdomain is required to navigate to the company's Okta page.
  4. Okta 2FA secret:
    1. Description: The 2FA secret is the key to Multi-factor Authentication. (How to get Okta 2FA Secret)
    2. Purpose: Secret key is required to grant access and authenticate the user from Multi-factor Authentication.

 

Log in with Azure

 

The below information is required to onboard the Microsoft Office 365 - Productivity Apps application using “Log in with Azure”. (How to configure Azure)

  1. Email:
    1. Description: Email of the registered user account with Azure.
    2. Purpose: An email is required to log in to Azure’s My Apps dashboard.
  2. Password: 
    1. Description: A password of the registered user account with Azure.
    2. Purpose: A password is required to log in to Azure’s My Apps dashboard.
  3. Azure 2FA secret:
    1. Description: The 2FA secret is the key to Multi-factor Authentication. (How to get Azure 2FA Secret)
    2. Purpose: Secret key is required to grant access and authenticate the user from Multi-factor Authentication.

How to get the required details?

Okta Subdomain

Steps to get the Okta subdomain:

  1. Navigate to the Okta login page. (link)
  2. Enter your company name. (Use this company name as Okta subdomain)
  3. Click on the next button.

Okta 2FA secret

Users can generate the Okta 2FA secret using Okta Verify as per here.
Users can generate the Okta 2FA secret using Google Authenticator as per here.

Azure 2FA secret

Users can generate the Azure 2FA secret using Google Authenticator as per here.

Configure SAML 2.0

 

  • Okta - Please follow this documentation available on Okta’s official website.
  • Azure AD - Azure AD is the native authentication method for all Microsoft applications. To enable MFA for Azure AD users, please follow this documentation available on Microsoft’s official website.


 



Additional Information


https://jira-dc.paloaltonetworks.com/browse/DIT-32110
