


Does Office 365 support SAML?

Yes. SAML comes up in two different contexts.

One is the SAML protocol and the other is SAML tokens.

Office 365 supports the SAML-P 2.0 protocol as described here, and also the implementation of an identity provider called Shibboleth.

Office 365 also supports SAML 1.1 tokens that are used in WS-* protocols.

For more details, see Use Shibboleth Identity Provider to implement single sign-on.



Does Office 365 support synchronization with non-AD directory stores?

Yes. There are a few ways to implement synchronization with non-AD directory stores:

  1. PowerShell and the Office 365 admin cmdlets
  2. Forefront Identity Manager 2010 R2 with the Azure AD Connector as described here.
  3. Microsoft Azure AD Sync Services is planned to support non-AD directory stores as described here.



My customer has AD and they want to go to Office 365, but they don’t want to use AD FS. What are their options?

The directory synchronization model can include password hash synchronization and does not require AD FS.

More details on comparing AD FS with DirSync are here.



Does Office 365 support Multi-forest AD?

Yes. You can either use Forefront Identity Manager 2010 R2 or Azure Active Directory Sync Services to synchronize multiple forests.

The common DirSync tool does not support multi-forest AD.



Does Office 365 use Microsoft Azure Active Directory?

Yes. The underlying Identity platform for Office 365 is Microsoft Azure Active Directory.

When a user signs up using an organizational account to use Office 365 services, the user is signing in to Microsoft Azure Active Directory.



Does Office 365 support two factor authentication?

Yes. Read about Multi-Factor Authentication for Office 365 here.

You can also integrate third-party 2FA solutions such as RSA SecurID with AD FS.

For guidance on RSA SecurID, see Integration with RSA SecurID in the Extranet.



Can I use Forefront Identity Manager to manage distribution and security groups used in Office 365?

Yes. Forefront Identity Manager 2010 R2 manages the on-premises AD, which is synchronized to Office 365.

The FIM Portal can be used for editing distribution and security groups, but you cannot use the Group add-in in Outlook to do this group management if the FIM Service mailbox is hosted in Office 365.



Where can I read more about Office 365 identity management?

See the Office blogs filtered by identity topics.
