Verify single sign-on with Shibboleth

Updated: June 25, 2015

Applies To: Azure, Office 365, Power BI, Windows Intune

As the administrator, before you verify and manage single sign-on (also called identity federation), review the information and perform the steps in the following articles to set up single sign-on with Shibboleth Identity Provider:

  1. Prepare for single sign-on

  2. Configure Shibboleth for use with single sign-on

  3. Install Windows PowerShell for single sign-on with Shibboleth

  4. Set up a trust between Shibboleth and Azure AD

  5. Follow the detailed instructions in Directory synchronization roadmap to prepare for, activate, install a tool, and verify directory synchronization.

After setting up single sign-on with Shibboleth, you should verify that it is working correctly.

Verify that single sign-on has been set up correctly

To verify that single sign-on has been set up correctly, you can perform the following procedure to confirm that you are able to sign in to the cloud service with your corporate credentials, Test single sign-on for different usage scenarios.


  • If you converted a domain, rather than adding one, it may take up to 24 hours to set up single sign-on.

  • Before you verify single sign-on, you should finish setting up Active Directory synchronization, synchronize your directories, and activate your synced users. For more information, see Directory synchronization roadmap.

To verify that single sign-on has been set up correctly, complete the following steps.

  1. On a domain-joined computer, sign in to your cloud service using the same logon name that you use for your corporate credentials.

  2. Click inside the password box. If single sign-on is set up, the password box will be shaded, and you will see the following message: “You are now required to sign in at <your company>.”

  3. Click the Sign in at <your company> link.

    If you are able to sign in, then single sign-on has been set up.

Test single sign-on for different usage scenarios

After you have verified that single sign-on is complete, test the following sign-in scenarios to ensure that single sign-on using Shibboleth Identity Provider is correctly configured. Ask a group of your users to test their access to the cloud service services from browsers as well as rich client applications, such as Microsoft Office 2010, in the following environments:

  • From a domain-joined computer

  • From a non-domain-joined computer inside the corporate network

  • From a roaming domain-joined computer outside the corporate network

  • From the different operating systems that you use in your company

  • From a home computer

  • From an Internet kiosk (test access to the cloud service through a browser only)

  • From a smart phone (for example, a smart phone that uses Microsoft Exchange ActiveSync)

See Also


Use Shibboleth Identity Provider to implement single sign-on