Implement a Single Sign-On Solution for Live@edu

Applies to: Live@edu

A single sign-on solution lets users move between on-premises resources and the cloud without having to sign in multiple times. You can add a single sign-on solution to an existing Web portal by using the single sign-on software development kit (SSO SDK) provided by the Microsoft Live@edu program. This will let you map on-premises credentials to Windows Live IDs so you can customize your Web portal to enable pre-authentication of users and add an e-mail entry point. Users can then access their cloud-based mailbox from your Web portal without having to provide a different set of credentials.

Note: The SSO SDK includes a complete guide to implementation.

Requirements

The SSO SDK requires the following:

  1. All users who access the SSO solution must have credentials in your internal directory service and a Windows Live ID that’s used to access the service.
  2. A Web portal where users authenticate.
  3. Your domain must have short-lived token (SLT) functionality enabled. Note: We set this up for you after you make your SSO request in the Live@edu Service Management Portal.

The server where you implement the SSO solution has to meet the following requirements.

Prerequisite           Description

Operating system       Windows Server 2003 or Windows Server 2008

Software               Microsoft .NET Framework 2.0 or later

Security certificate   The security certificate is used to authenticate to Windows Live servers.
                       Note: We provide the certificate to you after you make your SSO request in the Live@edu Service Management Portal.

Next steps

In the Live@edu Service Management Portal, select Single sign-on. Then, click Request SSO Support to request the SSO SDK and certificate.

After we process your request, we'll send you an e-mail message that includes instructions about how to download the SSO SDK and certificate. This e-mail will be sent to the administrator account for your domain and any additional contacts on your account record. You can update your account record by signing in to the Live@edu Service Management Portal and clicking Institution Profile. Windows Live ID services will enable SLT functionality for your domain.

For more information about user authentication, see Live@edu Authentication Scenarios.

Managing your security certificate

After you’ve set up SSO, you must keep your certificate current. If the certificate expires, users won’t be able to sign in. Starting a month prior to the expiration date, you’ll receive an e-mail notification with instructions for how to update your certificate. These notifications will be sent to the addresses listed for your domain on the Institution Profile page of the Live@edu Service Management Portal.

To check when your certificate is due to expire, type the Web address of your sign-in page in your browser, click the yellow padlock icon, click View Certificates, and then look in the Valid from field.
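
The browser check above can also be run on a schedule so that an approaching expiry is noticed even if the notification e-mail is missed. The following Python script is an added example, not part of the SSO SDK or of the original page: it reads the certificate served by the sign-in page and classifies its expiry date. The host name portal.example.edu is hypothetical, and the 30-day window is an assumption based on the "month prior" notification period.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumption: "a month prior" on the page, taken as 30 days


def days_left(not_after, now):
    """Whole days from `now` until a certificate's notAfter string expires."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days


def classify(not_after, now, warn_days=WARN_DAYS):
    """Return (status, days): EXPIRED, RENEW (inside the window) or OK."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED", remaining
    if remaining <= warn_days:
        return "RENEW", remaining
    return "OK", remaining


def check_sign_in_page(host, port=443, now=None):
    """Fetch the certificate served at host:port and classify its expiry."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert()["notAfter"], now)
    except ssl.SSLCertVerificationError as err:
        # An expired or untrusted certificate fails the handshake, so there is
        # no notAfter to read; report the verifier's reason instead.
        return "INVALID", err.verify_message


if __name__ == "__main__":
    # Constructed sample values in the format getpeercert() returns.
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for stamp in ("Jun 20 12:00:00 2024 GMT", "Dec 31 23:59:59 2024 GMT",
                  "May 15 00:00:00 2024 GMT"):
        print(stamp, classify(stamp, now))
    # check_sign_in_page("portal.example.edu")  # hypothetical host name
```

A result of RENEW or INVALID means the certificate should be updated before users are locked out of sign-in.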