Use Shibboleth Identity Provider to implement single sign-on
Published: June 29, 2012
Updated: June 25, 2015
Applies To: Azure, Office 365, Power BI, Windows Intune
The topics in this section contain instructions for administrators of a Microsoft cloud service who want to provide their Active Directory users with single sign-on experience by using Shibboleth Identity Provider as their preferred Security Token Service (STS). Shibboleth Identity Provider implements the widely used Security Assertion Markup Language (SAML) federated identity standard to provide a single sign-on and attribute exchange framework.
Microsoft supports this single sign-on experience as the integration of a Microsoft cloud service, such as Microsoft Intune or Office 365, with the already installed and operational Shibboleth Identity Provider. Shibboleth Identity Provider is a third-party product and therefore Microsoft does not provide support for the deployment, configuration, troubleshooting, best practices, etc. issues and questions regarding the Shibboleth Identity Provider. For more information about the Shibboleth Identity Provider, see http://go.microsoft.com/fwlink/?LinkID=256497.
Only a limited set of clients are supported in this single sign-on scenario, as follows:
In order to set up your on-premises STS using Shibboleth Identity Provider, complete the following steps.
|As a pre-requisite to starting the steps below, please review the benefits, user experiences, and requirements of single sign-on in Prepare for single sign-on.|
Run through the detailed instructions in Configure Shibboleth for use with single sign-on.
Install Windows PowerShell for single sign-on with Shibboleth
Set up a trust between Shibboleth and Azure AD
Follow the detailed instructions in Directory synchronization roadmap to prepare for, activate, install a tool, and verify directory synchronization.
Verify single sign-on with Shibboleth
ConceptsDirSync with Single Sign-On