The Live@edu SSO Toolkit 4.5 Update is supported as an interim solution in Office 365 Education until December 31, 2014 to give you more time to implement federation after the upgrade.

This new update enables the Live@edu SSO Toolkit to continue working before, during, and after the upgrade from Live@edu to Office 365 Education.

Important: It is recommended to install the Live@edu SSO Toolkit 4.5 Update before the Live@edu Upgrade and verify users can still sign in to Live@edu via your web portal.

If you have not applied the Live@edu SSO Toolkit 4.5 Update, the SSO Toolkit will stop working partway through the Live@edu Upgrade .

What is the Live@edu SSO Toolkit

The Live@edu SSO Toolkit allows users to access SkyDrive or Outlook Live from an on-premises web portal without a secondary credential challenge from the Live@edu authentication platform.

A pre-installed security certificate (provided to the school by Microsoft) establishes a trust between the on-premises web portal and the Live@edu authentication platform. This trust relationship delegates user authentication to the on-premises web portal and eliminates the need for the user to provide a password for authentication to Live@edu.

Live@edu-SSO-Toolkit-Web-Portal-Directory-Diagram

Basic overview of Single Sign-On with Live@edu

  • A user browses to a school’s on-premises web portal, e.g. https://portal.contoso.edu, and provides her/his on-premise username and password.
  • The web portal presents to the user an HTML page containing a “My Mailbox” link.
  • When the authenticated user clicks the "My Mailbox" link, the web portal looks up the user's Microsoft account ID in the on-premises directory service.
  • The on-premises web portal server passes the Microsoft account ID and the pre-installed security certificate to a Microsoft SOAP (Simple Object Access Protocol) service, and a Short-Lived Token (SLT) from Microsoft is received by the on-premises web portal server over SSL.
  • Skip ahead a few steps...Single Sign-On happens.
  • The user transfers seamlessly to her/his SkyDrive or Outlook Live mailbox without being prompted for credentials a second time.

What about PCNS (Live@edu Password Synchronization)?

The Live@edu SSO Toolkit is a Single Sign-On solution for browser clients.

If you are using Live@edu Password Synchronization in combination with the Live@edu SSO Toolkit to allow email rich-clients, smart phones, and other devices to connect to Live@edu, then you may need to investigate third-party tools for password synchronization on Office 365.

Microsoft does NOT currently support password synchronization with Office 365.

Is Office 365 Password Synchronization a requirement for your Live@edu Upgrade?

Submit you feedback at http://g.microsoftonline.com/0BX11EN/135.

 

 

 

______________________________

Thanks for joining us today!

Zion Brewer

______________________________