Configure Office 365 for Single Sign On (SSO)

Problem statement

How can a new application be configured to use Office 365 Single Sign On?

Solution

Configure Office 365 for SSO with Custom Provisioning.

The default Office 365 setup includes Active Directory and DirSync/Azure AD Sync Services, which synchronize and provision AD users in the user’s Azure AD for SSO. In this configuration, Auth0 is the identity provider, providing Single Sign-On (SSO) for these end users.

But what if the user wants to allow contractors, partners or even customers to access the Office 365 environment (e.g., SharePoint)? In that case, the default approach is not optimal because these end users would need to be created in the user’s AD environment. Instead, Azure AD users need to be custom provisioned using Auth0 Rules.

Custom provisioning makes it possible to create users in Azure AD (and effectively Office 365) just as they log in from any connection available in Auth0. (In this case, the rule takes over DirSync’s task for any type of connection where DirSync would not work.) This configuration makes it possible to offer a variety of login options (including Facebook, LinkedIn, and Google Workspace) to the Office 365 environment.
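The provisioning decision such a rule has to make on each login can be sketched as follows. This is an added example, not Auth0's published rule or code from this page. It assumes the Auth0 Rules `user`/`context` objects and Microsoft Graph user properties; the configuration values, connection names, the `office365Provisioned` flag and the hash-derived immutable ID are hypothetical choices for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical settings for this example; none of these values come from the page.
const CONFIG = {
  customDomain: 'example.com',               // placeholder for the configured custom domain
  office365ClientId: 'OFFICE365_CLIENT_ID',  // placeholder Auth0 client ID of the Office 365 app
  allowedConnections: ['facebook', 'linkedin', 'google-apps'], // assumed connection names
};

// Returns the user-creation payload (Microsoft Graph user properties) for a
// login, or null when this login must not create an Azure AD account.
function buildAzureAdUser(user, context, cfg = CONFIG) {
  // Only provision for logins to the Office 365 application.
  if (context.clientID !== cfg.office365ClientId) return null;
  // Only connections that were explicitly approved may create directory users.
  if (!cfg.allowedConnections.includes(context.connection)) return null;
  // An unverified e-mail address is not a proven identity.
  if (!user.email || user.email_verified !== true) return null;
  // Hypothetical app_metadata flag set after a successful earlier provisioning.
  if (user.app_metadata && user.app_metadata.office365Provisioned) return null;

  // Derive stable identifiers from the Auth0 user_id so that repeated logins
  // map to the same directory object and no user-controlled text reaches the UPN.
  const digest = crypto.createHash('sha256').update(user.user_id).digest();
  const nickname = 'auth0-' + digest.toString('hex').slice(0, 16);
  return {
    accountEnabled: true,
    displayName: user.name || user.email,
    mailNickname: nickname,
    userPrincipalName: `${nickname}@${cfg.customDomain}`,
    onPremisesImmutableId: digest.toString('base64'),
    // Random throwaway password: sign-in happens through Auth0, never with it.
    passwordProfile: {
      password: crypto.randomBytes(32).toString('base64'),
      forceChangePasswordNextSignIn: false,
    },
  };
}

// Constructed sample logins (not real data).
const SAMPLE_CONTEXT = { clientID: 'OFFICE365_CLIENT_ID', connection: 'facebook' };
const SAMPLE_VERIFIED = { user_id: 'facebook|1234', name: 'Pat Partner',
  email: 'pat@partner.example', email_verified: true };
const SAMPLE_UNVERIFIED = { ...SAMPLE_VERIFIED, email_verified: false };
```

In a real rule the returned payload would be sent to the directory with an access token, and the rule would record success so later logins skip provisioning.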

One of the prerequisites for this setup (Office 365 Custom Provisioning) is to have a custom domain configured. Follow the instructions outlined to set up Office 365 with Custom Provisioning.

If the user would like to use Office 365 SSO without Custom Provisioning, setup instructions can be found on the marketplace where they initially obtained the Office 365 integration with Auth0.
