Application Setup

The first step is to create a Microsoft 365 application in the BlokSec admin console. This generates the federation endpoints and signing certificate that Microsoft will use to trust BlokSec as your identity provider.

Create the application

1. Sign in to the BlokSec admin console
2. Navigate to Applications in the sidebar
3. Click Add Application
4. Select the Microsoft 365 template from the list

Screenshot pending

/screenshots/admin/integrations/microsoft-365/application-template.png

Application template selection showing the Microsoft 365 template

Select the Microsoft 365 template

Configure the application

After selecting the template, you’ll be asked to configure a few settings:

Application name

Give the application a descriptive name. This is shown to users in the BlokSec app when they receive a sign-in request, so use something recognizable like “Microsoft 365” or “Microsoft 365 — [Your Company]”.

Login URL

The login URL is pre-filled for Microsoft 365:

https://login.microsoftonline.com

Leave this as-is unless you have a custom login portal.

Session duration

Set how long a user’s session remains valid before they need to re-authenticate with BlokSec. The default is 8 hours, which works well for a typical workday. You can adjust this based on your security policy:

• 4 hours — Higher security environments
• 8 hours — Standard office use (recommended)
• 12 hours — Reduced friction for shift workers or environments with lower security requirements

Tip

This controls the BlokSec session only. Microsoft 365 has its own session policies that apply independently. For the smoothest user experience, set the BlokSec session duration to be equal to or longer than your M365 session policy.

Primary authentication flow

Choose how users are notified when they need to approve a sign-in:

• Push notification (recommended) — Users receive a push notification on their phone and tap to approve
• QR code — Users scan a QR code displayed on the sign-in page with the BlokSec app

Screenshot pending

/screenshots/admin/integrations/microsoft-365/application-config.png

Application configuration form with name, login URL, session duration, and authentication flow settings

Configure the application settings

Note

Even when push is the primary flow, a QR code is always shown as a fallback on the sign-in page. This ensures users can still authenticate if push notifications don’t reach their device.

Save and continue

Click Save to create the application. The admin console will generate:

• A unique application identifier (DID)
• Federation endpoints — the URLs that Microsoft 365 will use to communicate with BlokSec
• A signing certificate — used to sign the security tokens that BlokSec issues

You’ll use these in the next step when you configure federation.

Screenshot pending

/screenshots/admin/integrations/microsoft-365/application-created.png

Newly created Microsoft 365 application showing its federation endpoints and signing certificate

Your Microsoft 365 application is ready for federation