Microsoft Office 365 Single Sign-On

By Greg Keller Posted June 30, 2016

Microsoft Office 365 has taken the IT market by storm – and now IT admins are searching for easy ways for their users to have Single Sign-On (SSO) access to O365.

Historically, this wasn’t even a consideration for IT admins and users. Microsoft Office was delivered as a piece of software that ran on an end user’s desktop or laptop. But with the advent of the cloud, mobile devices, and subscription licensing, that’s all changing.

office 365 logo
Office 365 is not Microsoft Office.


O365 is delivered from the cloud. That doesn’t mean that end users still can’t have the software run on their personal machine, it just means that your end users will need an account on the O365 platform which is run within Azure.

Truth be told, there is actually a significant opportunity for IT admins to leverage Microsoft Office 365 single sign-on and achieve significant productivity gains.

Let’s step back for a second.

Microsoft is shifting all of their licensing for Office to be Office 365. Instead of a one-time purchase, you are purchasing O365 on a subscription basis and it is being delivered to you in the cloud with an important option to run it locally on your machine as well.

Microsoft’s move is in direct retaliation to Google Apps for Work (now G Suite™) and the understanding that IT organizations no longer want to manage software on-premises, but want it delivered to them in the cloud.

Some advantages of cloud delivery include:

  • Decreased management overhead
  • Lower maintenance costs
  • Allows users worldwide to leverage the capabilities without having to be connected to the organization’s network

Those are important benefits and Microsoft is using them to their advantage.

Challenges with Office 365

Every opportunity is accompanied by difficulty.

In this case, the challenge for IT admins is how to provision, de-provision, and enable end users to leverage O365 easily.

IT doesn’t want O365 to add yet another username and password to their users’ long list of credentials. That just means more work managing and securing another silo’d “mini-directory” of users. Depending on your directory solution, this user management might need to be executed manually.

All of this adds friction and frustration to end users and significant amounts of time for IT organizations.

It’s not always so bad. If your organization is an all Microsoft shop, then you’re in better shape. You’ll be able to leverage your existing Active Directory credentials and integrate them with Azure Active Directory. After jumping through some hoops, you’ll be able to provision, deprovision, and edit users in Active Directory and have those all flow through to your organization’s O365 accounts.

Unfortunately, as we now know, not a lot of organizations are all Microsoft anymore.

Achieving SSO Across Varied Infrastructure

For heterogeneous environments that have Macs, Linux, AWS, Google Apps, and any number of other systems, applications, and network infrastructure, there is a different approach to O365 Single Sign-On.

At JumpCloud, we like to call it True Single Sign-On™. Here’s how it works.

JC_Diagrams_ Office 365

O365 is integrated with a cloud-based directory service called Directory-as-a-Service®. Users are imported into the cloud directory from O365 if they already exist. The cloud directory service then is able to provision the same username and password that is leveraged in O365 to be the set of credentials used on their device, on other applications, and for their WiFi authentication.

Much like the legacy domain concept, a user’s JumpCloud identity is their identity across all of their IT resources including O365. If an organization wants to leverage the authentication protocol SAML to make the integration even more tight, that’s also possible.

The result: a True Single Sign-On experience for the user and one place for IT admins to manage users.

True SSO through O365

If you would like to learn more about how you can have Microsoft Office 365 Single Sign-On, then you can read through this Knowledge Base article that gives you a more technical, step-by-step guide to getting started with SSO for Office 365.
If you want to talk with someone directly at JumpCloud about our Office 365 functionality, then drop us a note. We’d be happy to discuss this further with you. Or, jump right in and sign-up for a free account. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts