Using Shibboleth as an Identity Provider for Office 365



We have released documentation for Shibboleth support, marking the public availability for Shibboleth integration into Office 365!  You can find the reference here.  This provides a customer with the ability to provide their Active Directory users with single sign-on experience by using Shibboleth Identity Provider as their preferred Security Token Service (STS).

The scenarios covered for support include:

1. Web-based clients such as Outlook Web Access for Exchange and SharePoint Online.  

2. Rich client support including IMAP, POP, EAS, MAP, Outlook 2007, Thunderbird 8 and 9, iPhone, and Windows Phone (These options need to support basic authentication to Exchange for access method and we also need Enhanced Client Protocol (ECP) to be deployed).

All other clients are not support in this SSO scenario with Shibboleth as an iDP.

To setup this configuration you’ll need to setup the following:


  1. Configure Shibboleth for use with single sign-on.
  2. Install Windows PowerShell for single sign-on with Shibboleth
  3. Set up a trust between Shibboleth and Windows Azure AD
  4. Follow the detailed instructions in Directory synchronization roadmap to prepare for, activate, install a tool, and verify directory synchronization.
  5. Verify single sign-on with Shibboleth


Please contact your Microsoft account team on how to get a customer supported for Shibboleth.