Office 365 Single Sign-On Integration

The Office 365 Single Sign-on (SSO) Integration creates a client application that uses Auth0 for authentication and provides SSO capabilities for Office 365. Your users log in to Office 365 with Auth0 identity providers, which means the identity provider performs the identity credentials verification.

Before you begin:

Sign up for an Office 365 account.
Set up a connection, which is a source of users. Connections can be databases, social identity providers, or enterprise identity providers, and can be shared among different applications. You may set up more than one connection for use with SSO integrations.

To configure an Office 365 SSO integration, you will:

Consent to Auth0 SSO integration
Configure Auth0 SSO integration
Configure integration with Office 365
Enable connections

Navigate to Auth0 Dashboard > Applications > SSO Integrations, and click + Create SSO Integration.
Select Office 365.
Click Continue to grant the integration access to the listed permissions.

Enter a name for your SSO Integration, and click Save. Save Integration

To configure the integration with Office 365, follow the instructions listed in the Tutorial view.

Before you configure Auth0 with Azure AD:

Make sure you are using an Office 365 edition that supports this integration. Currently, Midsize Business and any Enterprise editions of Office 365 support SSO with Auth0.
Verify your Office 365 domain through DNS. Follow Mircrosoft's instructions.
Have one administrator account that you can use to sign in directly into Office 365.
Run Microsoft DirSync tool between your Active Directory and Office 365 to create your user accounts. You can download DirSync from the Office 365 Portal.

Setup

Open the Microsoft Azure Active Directory Module for Windows PowerShell.
Provide your Office 365 Service Administrator account credentials.
$cred = Get-Credential
Was this helpful?/
Create a context that connects you to Microsoft Azure AD.
Connect-MsolService –Credential $cred
Was this helpful?/

Change the domain authentication from standard identity to single sign-on.

Set-MsolDomainAuthentication -DomainName "your-office365domain.com" -FederationBrandName "your-office365domain.com" -Authentication Federated -PassiveLogOnUri "REDACTED" -ActiveLogonUri "REDACTED" -MetadataExchangeUri "REDACTED" -SigningCertificate "REDACTED" -IssuerUri "REDACTED" -LogOffUri "REDACTED" -PreferredAuthenticationProtocol WsFed

Was this helpful?/

Choose the connections to use with your SSO integration. Users in enabled connections will be allowed to log in to Office 365. By default, all configured connections are enabled.

Select the Connections view.
Toggle the sliders next to connection names to enable or disable them.

Docs