Azure AD federation compatibility list

Azure Active Directory provides single-sign on and enhanced application access security for Office 365 and other Microsoft Online services for hybrid and cloud-only implementations without requiring any non-Microsoft solution. Office 365, like most of Microsoft’s Online services, is integrated with Azure Active Directory for directory services, authentication and authorization. Azure Active Directory also provides single sign-on to thousands of SaaS applications and on-premises web applications. Please see the Azure Active Directory application gallery for supported SaaS applications.

For organizations that have invested in non-Microsoft federation solutions, this topic contains guidance for configuring single sign-on for their Windows Server Active Directory users with Microsoft Online services by using non-Microsoft identity providers from the “Azure Active Directory federation compatibility list” below.


Oxford Computer Group, a third-party, on behalf of Microsoft, tested these single sign-on experiences using non-Microsoft identity providers against a set of use cases common with Azure Active Directory.

For information on how you can get your third-party identity provider listed here, contact Oxford Computer Group at idp@oxfordcomputergroup.com.

Important

Oxford Computer Group tested only the federation functionality of these single sign-on scenarios. Oxford Computer Group did not perform any testing of the synchronization, two-factor authentication, etc. components of these single sign-on scenarios.

Use of Sign-in by Alternate ID to UPN is also not tested in this program.

Important

Since these are third-party products, Microsoft does not provide support for the deployment, configuration, troubleshooting, best practices, etc. issues and questions regarding these identity providers. For support and questions regarding these identity providers, contact the supported third-parties directly.

These third-party identity providers were tested for interoperability with Microsoft cloud services using WS-Federation and WS-Trust protocols only. Testing did not include using the SAML protocol.

Azure Active Directory

The following is the scenario support matrix for this sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None
Modern Applications using ADAL such as Office 2016 Supported None

For more information about using Azure Active Directory with AD FS see Active Directory Federation Services (ADFS)

For more information about using Azure Active Directory with Password sync see Azure AD Connect.

AuthAnvil Single Sign On 4.5

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication is not supported
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication is not supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information, see AuthAnvil Single Sign On.

BIG-IP with Access Policy Manager BIG-IP ver. 11.3x – 11.6x

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Not Supported Not Supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about BIG-IP Access Policy Manager, see BIG-IP Access Policy Manager.

For the BIG-IP Access Policy Manager instructions on how to configure this STS to provide the single sign-on experience to your Active Directory Users, download the pdf here.

BitGlass

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication is not supported
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication is not supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about BitGlass see here.

CA Secure Cloud

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication is not supported
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication is not supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about CA Secure Cloud, see CA Secure Cloud.

CA SiteMinder 12.52 SP1 Cumulative Release 4

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about CA SiteMinder, see CA SiteMinder Federation.

Centrify

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported Client Access Control is not supported

For more information about Centrify, see here.|

Dell One Identity Cloud Access Manager v7.1

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about Dell One Identity Cloud Access Manager, see Dell One Identity Cloud Access Manager.

For the instructions on how to configure this STS to provide the single sign-on experience to your Office 365 Users, see Configure Office 365 Users.

IBM Tivoli Federated Identity Manager 6.2.2

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about IBM Tivoli Federated Identity Manager, see IBM Security Access Manager for Microsoft Applications.

IceWall Federation Version 3.0

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication is not supported
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication is not supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about IceWall Federation, see here and here.

Memority

The following is the scenario support matrix for this sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about using Memority see Memority

NetIQ Access Manager 4.x

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None

For more information, see NetIQ Access Manager

Okta

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication requires setup of additional web server and Okta application.
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about Okta, see Okta.

OneLogin

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about OneLogin, see OneLogin.

Optimal IDM Virtual Identity Server Federation Services

The following is the scenario support matrix this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication
Email-rich clients such as Outlook and ActiveSync Supported

For more information about client access polices see Limiting Access to Office 365 Services Based on the Location of the Client. |

PingFederate 6.11, 7.2, 8.x

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None

For the PingFederate instructions on how to configure this STS to provide the single sign-on experience to your Active Directory users, see one of the following:

RadiantOne CFS 3.0

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about RadiantOne CFS, see RadiantOne CFS.

Sailpoint IdentityNow

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication is not supported
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication is not supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information, see Sailpoint IdentityNow.

SecureAuth IdP 7.2.0

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported None
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about SecureAuth, see SecureAuth IdP.

Sign&go 5.3

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Kerberos Contracts supported
Rich client applications such as Lync, Office Subscription, CRM Supported None
Email-rich clients such as Outlook and ActiveSync Supported None

Sign&go 5.3 supports Kerberos authentication via configuration of a Kerberos Contract. For assistance with this configuration, please contact Ilex or view the setup guide here.

SoftBank Technology Online Service Gate

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication is not supported
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication is not supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about SoftBank Technology Online Service Gate see here.

VMware Workspace One

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication is not supported
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication is not supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about see here.

VMware Workspace Portal version 2.1

The following is the scenario support matrix for this single sign-on experience:

Client Support Exceptions
Web-based clients such as Exchange Web Access and SharePoint Online Supported Integrated Windows Authentication is not supported
Rich client applications such as Lync, Office Subscription, CRM Supported Integrated Windows Authentication is not supported
Email-rich clients such as Outlook and ActiveSync Supported None

For more information about VMware Workspace Portal version 2.1, download the pdf here.