
Logging in to Office365 Using WSO2 Identity Server

This topic provides instructions on how to configure and integrate Office365 with WSO2 Identity Server (WSO2 IS) for authentication and provisioning.

Microsoft Office 365 requires users in on-premise user stores to be synced to Microsoft Azure Active Directory (Azure AD) in the cloud. The WSO2 IS Office365 integration allows users to be provisioned to Azure AD without any external tools or additional effort. WSO2 IS is integrated with Office365 using federated identity, which means the password or password hash is not synchronized to Azure AD, because user authentication is provided by the on-premise WSO2 IS.

[Diagram: log-in-to-office365]

Group-based license management

In Azure AD, administrators can assign licenses to security groups. Licenses are assigned or removed at the time a user joins or leaves the user group. Using WSO2 IS for user synchronization allows users to have a special attribute that qualifies them to join a specific user group in Azure AD at the time of provisioning via WSO2 IS. Thus, users are dynamically added to groups and assigned licenses without any administrative overhead.

Info

For instructions to try out this flow, see Configuring Microsoft Azure AD Outbound Provisioning Connector.

The diagram below demonstrates the flow.

[Diagram: group-based-license-management]

Role-based provisioning

Role-based provisioning to Microsoft Office365 can be done by configuring the Office365 Outbound Provisioning Connector in WSO2 IS. The WSO2 IS Office365 Outbound Provisioning Connector supports two ways of provisioning users based on role:
