Microsoft Education in the Cloud

Read all about the wonderful world of the Microsoft cloud stack and how it applies to education. Your feedback and comments are always welcome. Enjoy!

Using Shibboleth as an Identity Provider for Office 365

Using Shibboleth as an Identity Provider for Office 365

  • Comments 6
  • Likes



We have released documentation for Shibboleth support, marking the public availability for Shibboleth integration into Office 365!  You can find the reference here.  This provides a customer with the ability to provide their Active Directory users with single sign-on experience by using Shibboleth Identity Provider as their preferred Security Token Service (STS).

The scenarios covered for support include:

1. Web-based clients such as Outlook Web Access for Exchange and SharePoint Online. 

2. Rich client support including IMAP, POP, EAS, MAP, Outlook 2007, Thunderbird 8 and 9, iPhone, and Windows Phone (These options need to support basic authentication to Exchange for access method and we also need Enhanced Client Protocol (ECP) to be deployed).

All other clients are not support in this SSO scenario with Shibboleth as an iDP.

To setup this configuration you’ll need to setup the following:


  1. Configure Shibboleth for use with single sign-on.
  2. Install Windows PowerShell for single sign-on with Shibboleth
  3. Set up a trust between Shibboleth and Windows Azure AD
  4. Follow the detailed instructions in Directory synchronization roadmap to prepare for, activate, install a tool, and verify directory synchronization.
  5. Verify single sign-on with Shibboleth


Please contact your Microsoft account team on how to get a customer supported for Shibboleth.

  • Has anyone managed to get this to work?

    Is there something that MS needs to do on their end? i.e Please contact your Microsoft account team on how to get a customer supported for Shibboleth.

  • If my shibboleth was created on Linux, is that work?

  • Yes, a shib IdP on Linux will work with O365 SP.

  • Anon, MS doesn't need to do anything on their end.

  • Referring to this configuration , I just set up the environment. But the SP initiate sso does not work in my env.  I trace the http heards, I can not find any info about SAML request. I can only see some parameters "wa","wrtreaml", it looks like WS-Federation.  Is there any one having some experience or suggestion about this issue ?

  • Thanks for the article!

    I am currently supporting SSO with o365 using ADFS 2.0 but I have been requested to convert it to use Shibboleth.   I currently have all my accounts federated to o365.   I am hoping that I will be able to run in parallel so that I can write my new application to authenticate users using the Shibboleth STS.

    I hope that this will not be an issue.  

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment