Single sign-on roadmap

Updated: June 25, 2015

Applies To: Azure, Office 365, Power BI, Windows Intune

Single sign-on (SSO) allows you and your users to access Microsoft cloud services with your Active Directory corporate credentials. SSO requires both a security token service (STS) infrastructure and Active Directory synchronization.

You must complete the following steps in order to implement SSO:

  1. Step 1: Prepare for single sign-on

  2. Step 2: Set up your on-premises security token service

  3. Step 3: Set up directory synchronization

  4. Step 4: Verify single sign-on

Step 1: Prepare for single sign-on

To prepare, you must make sure your environment meets the requirements for SSO and verify that your Active Directory and Azure Active Directory tenant is set up in a way that is compatible with single sign-on requirements. For more information, see Prepare for single sign-on.

Step 2: Set up your on-premises security token service

After you have prepared your environment for single sign-on, you will need to set up a new on-premises STS infrastructure to provide your local and remote Active Directory users with single sign-on access to the cloud service. If you currently have an STS in your production environment, you can use it for single sign-on deployment rather than setting up a new infrastructure as long as it is supported by Azure AD.

Currently, Azure AD supports either of the following security token services:

Step 3: Set up directory synchronization

In order for single sign-on to work properly, you must set up Active Directory synchronization as well. This includes preparing for, activating, installing a tool, and verifying directory synchronization. After you have verified directory synchronization, you activate your synced users. Using single sign-on and directory synchronization together ensures that user identities are represented correctly in the cloud service.

For more information about how to get started with setting up directory synchronization, follow the steps provided in Directory synchronization roadmap.

Step 4: Verify single sign-on

After you finish setting up your Active Directory synchronization environment, you now need to verify that your STS is functioning as expected and that single sign-on was set up correctly for your cloud service.

For more information, see either Verify and manage single sign-on with AD FS or Verify single sign-on with Shibboleth, depending on the STS type you are setting up.

See Also


DirSync with Single Sign-On