Office 365 Single Sign-On Integration

The Office 365 Single Sign-on (SSO) Integration creates a client application that uses Auth0 for authentication and provides SSO capabilities for Office 365. Your users log in to Office 365 with Auth0 identity providers, which means the identity provider performs the identity credentials verification.

Before you begin:

Sign up for an Office 365 account.
Set up a connection, which is a source of users. Connections can be databases, social identity providers, or enterprise identity providers, and can be shared among different applications. You may set up more than one connection for use with SSO integrations.

To configure an Office 365 SSO integration, you will:

Consent to Auth0 SSO integration
Configure Auth0 SSO integration
Configure integration with Office 365
Enable connections

Navigate to Auth0 Dashboard > SSO Integrations, and click + Create SSO Integration.
Select Office 365.
Click Continue to grant the integration access to the listed permissions.

Enter a name for your SSO Integration, and click Save. Save Integration

To configure the integration with Office 365, follow the instructions listed in the Tutorial view.

Before you continue, make sure you have your SSO integration Client ID. You will use the Client ID to replace the SSO_CLIENT_ID placeholders.

Locate Client ID

Provide the following SAML protocol configuration parameters:

SAML Version: 2.0
Issuer: urn:YOUR_DOMAIN
Identity Provider Certificate: https://YOUR_DOMAIN/pem
Identity Provider SHA1 fingerprint: A6:14:84:AC:34:55:FA:14:87:19:15:81:67:77:D2:59:EB:13:4B:FC
Identity Provider Login URL (be sure to replace the SSO_CLIENT_ID placeholder with the Client ID of your SSO Integration): https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID
Identity Provider Metadata (be sure to replace the SSO_CLIENT_ID placeholder with the Client ID of your SSO Integration): https://YOUR_DOMAIN/samlp/metadata/SSO_CLIENT_ID

Alternatively, to log in with a specific identity provider, you can add a connection parameter (be sure to replace the SSO_CLIENT_ID placeholder with the Client ID of your SSO Integration):

https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID?connection=email
https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID?connection=google-oauth2
https://YOUR_DOMAIN/samlp/SSO_CLIENT_ID?connection=Username-Password-Authentication

Was this helpful?/

In this case, Auth0 will redirect users to the specified connection and will not display the Login widget. Make sure you send the SAMLRequest using HTTP POST.

Choose the connections to use with your SSO integration. Users in enabled connections will be allowed to log in to Office 365. By default, all configured connections are enabled.

Select the Connections view.
Toggle the sliders next to connection names to enable or disable them.

Docs