Clarification on Office 365 integration

A client wants to use an application we wrote, and authenticate his users with their Office 365 accounts.

I’m having a difficult time mapping terminology to what I understand, being new to Auth0 and Office 365.

We have successfully implemented the Auth0 control in our application so that we can authenticate using the Microsoft identity provider. This was fairly painless, but it seems that we need to do a little bit more so that the Office 365 emails can be recognized.

It’s complicated by the fact that, though we write the application, any Microsoft configurations must be done by their administrators.

I found two docs that seem to relate to this.

https://auth0.com/docs/integrations/office-365

and

https://auth0.com/docs/connections/enterprise/o365-deprecated

As far as I can tell, their configuration matches the second scenario, “synchronized identity”, described in the overview section of the first article, and I think what we want to do is to migrate to the third configuration, “federated identity”, using Auth0 in our application to ping their Active Directory server to authenticate the user.

Correct so far?

It seems to me the synchronization steps mentioned in this doc are unnecessary, since they have a local domain controller synced to Azure already. Right?

So all that should be necessary is to install the Auth0 connector onto their local domain controller, and then to configure the control through the Auth0 dashboard to point to the domain controller, similarly to how we pointed to the Microsoft identity provider (this is the subject of the second doc).

While installing the connector on their domain controller, their admin encountered a request for a ticket: “Enter the TICKET URL provided when you provisioned the connection”. This is indicated in the following doc:

And I’m assuming the ticket that’s necessary must be something that is generated when I provision the Office 365 connection: “… Enter the TICKET URL provided when you provisioned the connection …”. Is that right?

But in order to provision the application to use Office 365, I need a client ID and a client secret, which are obtained on the Microsoft side.

At this point, I’d like to see if I can put together a definitive list of steps necessary to complete this task, as it’s getting difficult to go back and forth between them (their DC and Microsoft account administrators) and us (the app developers).

Thanks in advance for any help.

david m chinn

PS: realizing that the Office 365 connection is deprecated, I’ll migrate to Azure as soon as I get this base-level stuff completed.