
Use third-party identity providers to implement single sign-on

Updated: February 28, 2013

Applies To: Office 365, Windows Azure, Windows Intune

Note
This topic provides online help content that is applicable to multiple Microsoft cloud services, including Windows Intune and Office 365.

This topic contains instructions for administrators of a Microsoft cloud service who want to provide their Active Directory users with a single sign-on experience by using third-party identity providers as their preferred Security Token Service (STS). Microsoft tested these single sign-on experiences as the integration of a Microsoft cloud service, such as Windows Intune or Office 365, with the following third-party identity providers, already installed and operational:

Note
Microsoft tested only the federation functionality of these single sign-on scenarios. Microsoft did not test the synchronization, two-factor authentication, or other components of these single sign-on scenarios.

Important
Because these are third-party products, Microsoft does not provide support for deployment, configuration, troubleshooting, best practices, or other issues and questions regarding these identity providers. For support and questions regarding these identity providers, contact Optimal IDM and PingFederate.

Optimal IDM Virtual Identity Server Federation Services

Optimal IDM Virtual Identity Server Federation Services can authenticate users that reside in customers’ on-premises Active Directories.

The following is the scenario support matrix for this single sign-on experience:

| Client | Support level | Exceptions |
| --- | --- | --- |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | Windows integrated authentication |
| Email-rich clients such as Outlook and ActiveSync | Supported | For more information about client access policies, see Limiting Access to Office 365 Services Based on the Location of the Client. |
| Diagnostic tools, such as MSODAL, Exchange Connectivity Test | Not supported | None |

For more information about Optimal IDM Virtual Identity Server Federation Services, see http://go.microsoft.com/fwlink/?LinkID=266318.

PingFederate® 6.10

PingFederate 6.10 implements the widely used WS-Federation identity standard to provide a single sign-on and attribute exchange framework.

The following is the scenario support matrix for this single sign-on experience:

| Client | Support level | Exceptions |
| --- | --- | --- |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None (earlier versions must upgrade to 6.11 or higher for rich client support) |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
| Diagnostic tools, such as MSODAL, Exchange Connectivity Test | Not supported | None |

For more information about PingFederate 6.10, see http://go.microsoft.com/fwlink/?LinkID=266320. For the PingFederate instructions on how to configure this STS to provide the single sign-on experience to your Active Directory users, see http://go.microsoft.com/fwlink/?LinkID=266321.

Note
The published support level is assumed to be true for all successive versions of PingFederate unless otherwise explicitly called out.

© 2013 Microsoft. All rights reserved.