Plan for single sign-on for Office 365 with third-party browsers
Applies to: Office 365 Deployment Guide for Enterprises
Topic Last Modified: 2013-08-23
Summary: Describes how to use third-party browsers with single sign-on in Office 365 and extended Protection for Authentication and the default configuration for AD FS 2.0.
If your computers have Extended Protection for Authentication, and you use the Firefox, Google Chrome, or Safari browsers, you may not be able to sign on to Office 365, depending upon your operating system. Instead, you will get an access denied message. This is due to the default configuration for AD FS 2.0 and Extended Protection for Authentication.
Unless and until Firefox, Google Chrome, and Safari support Extended Protection for Authentication, the recommended option is to install and use Internet Explorer 8.
If you want to use single sign-on for Office 365 with Firefox, Google Chrome, or Safari, there are two other solutions:
Uninstall the Extended Protection patches from your computer.
Change the Extended Protection setting on the Active Directory Federation Services 2.0 server. See “ExtendedProtectionTokenCheck” on the TechNet Set-ADFSProperties page for details.
|There may be security concerns in taking either of the approaches described above. For more details, see the Microsoft Support article Microsoft Security Advisory: Extended protection for authentication.|