# Microsoft Graph PowerShell: install for the current user only, confirm the
# module is present, then sign in requesting delegated scopes.
# NOTE(review): nothing further down in this script uses the Graph connection
# (every later step is an Msol* cmdlet), and Group.ReadWrite.All grants write
# access to every group in the tenant - confirm both scopes are really needed
# before consenting to them.
Install-Module -Name Microsoft.Graph -Scope CurrentUser
Get-InstalledModule -Name Microsoft.Graph
$graphScopes = @('User.Read.All', 'Group.ReadWrite.All')
Connect-MgGraph -Scopes $graphScopes
# MSOnline module: provides the Set-MsolDomainAuthentication / Set-MsolUser
# cmdlets used by the federation steps below, then an interactive sign-in.
# NOTE(review): MSOnline is the legacy Azure AD module - check that your tenant
# still accepts it before relying on this procedure.
Install-Module -Name MSOnline
Import-Module -Name MSOnline
Connect-MsolService
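# --- Federate $domainName with the external SAML IdP described by its metadata ---
# Whoever holds the IdP signing key can authenticate as any user of this domain,
# so obtain the metadata file over a trusted channel and compare the certificate
# with the IdP operator out of band before running Set-MsolDomainAuthentication.
$domainName = "midominio.co"
# Path to the IdP metadata XML (placeholder - replace before running).
$metadataPath = "<metadata-xml-file-path>"
# -Raw hands the whole document to the [xml] parser as a single string.
[xml]$idp = Get-Content -Path $metadataPath -Raw
$activeLogonUri = "https://login.microsoftonline.com/login.srf"
$idpSso = $idp.EntityDescriptor.IDPSSODescriptor

# Pick the signing KeyDescriptor explicitly. Piping every KeyDescriptor through
# Out-String would concatenate a signing and an encryption certificate into one
# unusable value when the IdP publishes both. A KeyDescriptor with no 'use'
# attribute is valid for signing.
$signingKey = @($idpSso.KeyDescriptor | Where-Object { -not $_.use -or $_.use -eq 'signing' })[0]
if (-not $signingKey) { throw "No signing certificate found in $metadataPath" }
# Keep only the Base64 body: remove every whitespace character, not just the
# leading/trailing ones, since metadata often wraps the certificate text.
$signingCertificate = ($signingKey.KeyInfo.X509Data.X509Certificate | Out-String) -replace '\s', ''

$issuerUri = $idp.EntityDescriptor.entityID

# @(...) guarantees an array: with a single SingleSignOnService element,
# plain .Location[0] would index into the URL string and return the letter 'h'.
$ssoLocations = @($idpSso.SingleSignOnService | ForEach-Object { $_.Location })
if ($ssoLocations.Count -eq 0) { throw "No SingleSignOnService endpoint found in $metadataPath" }
$passiveLogOnUri = $ssoLocations[0]
# As in the original procedure, the SSO endpoint doubles as the log-off URI.
# NOTE(review): if the IdP publishes a SingleLogoutService, that endpoint is
# probably the intended value here - confirm with the IdP operator.
$logOffUri = $ssoLocations[0]

# Splatted so every parameter is visible on its own line and reviewable.
$federation = @{
  DomainName                      = $domainName
  FederationBrandName             = $domainName
  Authentication                  = 'Federated'
  PassiveLogOnUri                 = $passiveLogOnUri
  ActiveLogOnUri                  = $activeLogonUri
  SigningCertificate              = $signingCertificate
  IssuerUri                       = $issuerUri
  LogOffUri                       = $logOffUri
  PreferredAuthenticationProtocol = 'SAMLP'
}
Set-MsolDomainAuthentication @federation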
# ROLLBACK ONLY - converts the domain back to cloud (managed) authentication and
# undoes the federation configured by the previous Set-MsolDomainAuthentication
# call. Do not run it in the same pass as the Federated call above; keep it at
# hand to restore sign-in if the IdP misbehaves.
Set-MsolDomainAuthentication -DomainName $domainName -Authentication Managed
Importante: actualizar el ImmutableId para todos los usuarios; de lo contrario no podrán iniciar sesión.
1. Descargar los usuarios desde: https://portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers
2. ejecutar en powershell
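# Point every user of the federated domain at the IdP. ImmutableId is the value
# the SAML NameID from the IdP is matched against, so it must be exactly what
# the IdP asserts - this procedure assumes that is the UPN; confirm with the
# IdP operator before the bulk run.
# $domainName is the federated domain set earlier in this script; fail loudly
# rather than silently updating nothing when it is missing.
if (-not $domainName) { throw 'Set $domainName (the federated domain) before running this step.' }
$user_file = Import-Csv -Path "C:\descargas\exportUsers.csv"
# The portal export contains every account in the tenant; only accounts whose
# UPN is in the federated domain are updated, everything else is left untouched.
$user_file |
  Where-Object { $_.UserPrincipalName -like "*@$domainName" } |
  ForEach-Object {
    Set-MsolUser -UserPrincipalName $_.UserPrincipalName -ImmutableId $_.UserPrincipalName
  }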
# Same update for a single account - useful to verify federated sign-in with
# one test user before touching everyone.
$testUpn = 'prueba@midominio.co'
Set-MsolUser -UserPrincipalName $testUpn -ImmutableId $testUpn
https://portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers