While working on a support ticket I tried to set up a new Windows VM to be able to use the PowerShell script offered by the wizard. The current description is outdated, so the SAML setup for the app cannot be completed easily. I simultaneously tried to set up a VM with Win10 and Win7. With Win10 and different PowerShell versions (I tried 6 and 7), I could not get the MSOnline module installed and usable. The first report about this is quite old (Bug 48586), but we should recheck it; it should be possible to set up the Connector using Win10. Disclaimer: I stopped my tests when I got the Win7 VM to work. With Win7, the instructions are outdated; one needs at least to follow the instructions at [1] to install the MSOnline module. Maybe we could set up a help article and link to it from the Wizard, instead of occasionally updating the App. [1] https://dirteam.com/sander/2020/04/09/knowledgebase-you-receive-error-unable-to-download-when-you-try-to-install-the-azuread-or-msonline-powershell-module/
We could also check if we can set up UCS as an external IdP in a different way. The Azure Portal currently has a section with a wizard to configure "External Identities" in the Azure Active Directory view.
The PowerShell script did not work in now two different customer environments. I have to say, in my test environment it was still working, but for both customers, rewriting the script provided in the Keycloak migration guide to use the new MG-Graph module worked and solved the Keycloak connection. Since we have reached March 30, 2025, we should do something!
https://learn.microsoft.com/en-us/previous-versions/troubleshoot/microsoft-365/admin/connect-error-0x800488ee
Azure AD and MSOnline PowerShell modules are deprecated as of March 30, 2024. To learn more, read the deprecation update. After this date, support for these modules are limited to migration assistance to Microsoft Graph PowerShell SDK and security fixes. The deprecated modules will continue to function through March, 30 2025. We recommend migrating to Microsoft Graph PowerShell to interact with Microsoft Entra ID (formerly Azure AD). For common migration questions, refer to the Migration FAQ. Note: Versions 1.0.x of MSOnline may experience disruption after June 30, 2024.
--------------------------------------------------------
Possible error messages are:
"You do not have permissions to call this cmdlet".
OR
Set-MsolDomainAuthentication : Unable to complete this action. Try again later.
In Zeile:1 Zeichen:103
+ ... on Managed; Set-MsolDomainAuthentication -DomainName mein-verifizierter-dom-name.de - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Set-MsolDomainAuthentication], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InternalServiceException,Microsoft.Online.Administration.Automation.SetDomainAuthentication
In addition, this https://help.univention.com/t/howto-re-initialize-o365-after-certificate-change/14366 is also not working anymore, which is important if the certificate is renewed.
Currently the setup of the 365 connector does not work anymore. While there is a workaround, this is a very bad first impression. Additionally, this blocks migration to Keycloak for customers who want to upgrade to 5.2. There will be a lot of customers trying to do that, since the summer vacation is now starting. I increase the number of affected customers.
This works on 2 customer environments to solve the issue. https://help.univention.com/t/how-to-setup-and-migrate-office-365-integration-with-keycloak/24414