To connect Microsoft 365 to JumpCloud, you can use our Microsoft 365 Integration, our Microsoft 365/Entra ID SAML connector, or both. Read this article to learn more about the benefits and use cases for each one and how they can be used together.
Key Differences
The following are key differences between the Microsoft 365 Directory Integration and Microsoft 365 SAML connector:
Microsoft 365 Directory Integration
- Is an OAuth2-based integration
- Enables user provisioning, attribute management, and user suspension in JumpCloud
- Lets users log in to Microsoft 365 directly
- Requires Multi-factor Authentication (MFA) configuration in Microsoft
- Establishes JumpCloud as the password authority once users log in to the JumpCloud User Portal; whenever the user password or attributes change in JumpCloud, JumpCloud updates Microsoft 365
Microsoft 365/Entra ID SAML Connector
- Is a SAML 2.0-based integration
- Users are managed in JumpCloud. Every Microsoft 365 user must also be a JumpCloud user to log in to Microsoft 365
- Directs users to log in from a JumpCloud login page. If a user attempts to log in to Microsoft 365 directly, they’re redirected to log in via SSO
- Requires MFA configuration in JumpCloud
- Doesn’t update passwords or attributes in Microsoft 365; users are always forced to authenticate against JumpCloud
- Users must be bound to an existing Microsoft 365 Directory Integration
JumpCloud’s Microsoft 365 Integration uses OAuth to create a secure, persistent connection between Microsoft 365 and JumpCloud. JumpCloud becomes the authoritative source of identity, which lets you:
- Import existing Microsoft 365 users
- Export new JumpCloud users to Microsoft 365
- Sync user attributes and passwords between JumpCloud and Microsoft 365
- Centralize user provisioning and deprovisioning
- Give users one set of credentials to access JumpCloud, Microsoft 365, and other resources you’ve integrated with JumpCloud, like systems, RADIUS, and LDAP
Learn more:
- Tutorial: M365 Directory Sync
- Read Microsoft 365 Directory Integration Overview.
The Microsoft 365/Entra ID SAML connector uses the Security Assertion Markup Language (SAML 2.0) to authenticate JumpCloud users to Microsoft 365. Connect the Microsoft 365/Entra ID SAML connector to JumpCloud to:
- Manage user access to Microsoft 365
  - You can authorize user access to Microsoft 365, and you can suspend or delete user access to Microsoft 365:
    - Learn more about authorizing user access to SAML applications
    - Learn more about suspending a user account or deleting a user account
  - You can’t import or export user accounts with our SAML connectors
- Map user attributes between JumpCloud and Microsoft 365 so that you can customize user permissions and roles
- Give users one set of credentials to access JumpCloud, Microsoft 365, and other resources you’ve integrated with JumpCloud, like systems, RADIUS, and LDAP
If you want to use the M365 SAML/Entra ID Connector, it must be configured alongside the Microsoft 365 Directory Integration. Users who are not bound to an M365 Directory Integration will not be able to log in using SSO because they will be missing the M365 immutable ID.
Using both the Microsoft 365 Integration and the Microsoft 365/Entra ID SAML Connector, you can centralize user provisioning, management, and deprovisioning and have fine-grained access management from JumpCloud. You save time by doing your tasks in a single interface, and users gain a consistent experience for accessing all their JumpCloud and Microsoft resources.