Paul Andrew is technical product manager for Identity Management on the Office 365 team.
The Works with Office 365 – Identity program has been streamlined. It’s now more predictable and we’ve reduced the time it takes for new identity provider vendors to get qualified.
Identity management for Office 365 involves the use of an organization’s existing directory both for user lookup and for password authentication with Office 365. Identity management has two integral aspects that go hand in hand—federation of the authentication system and directory synchronization for the directory user lookup. The Works with Office 365 – Identity program qualifies third-party federation options. Directory synchronization is also required for the solution but not part of the program.
Office 365 customers can use Windows Active Directory, Windows Azure Active Directory, or various non-Microsoft (third-party) identity provider databases to store their user directories. In order for an Office 365 sign-in request to be validated by an identity provider, the identity provider must be federated. On behalf of each tenant, Office 365 acts as a relying party for the federated identity authentication operation.
Office 365 uses Windows Azure Active Directory for identity federation. Windows Azure Active Directory supports WS-Federation, WS-Trust, and SAML-P as authentication protocols. SAML-P use is currently limited but this protocol is expected to be broadly available soon.
The products and services of Microsoft and third parties can change over time. Office 365 customers who are interested in using a third-party identity solution should conduct their own evaluation of that solution to determine whether it meets their needs. Please note that the Works with Office 365 – Identity program may be discontinued by Microsoft at any time without notice.
Benefits of the program for customers
We want customers to have confidence in the interoperability between Office 365 and a third-party identity provider’s product, and we want to make that interoperability as easy as possible. The Works with Office 365 – Identity program achieves this through testing of interoperability before qualifying third-party identity providers. This allows Microsoft to offer the best possible support for Office 365 customers who use federated identity providers.
You can get the details about qualified vendors on TechNet.
This is what Microsoft qualification of a third-party identity provider vendor means:
- Microsoft support teams will support the use of Office 365 by Microsoft customers when those Office 365 implementations are federated with the third-party identity provider. Microsoft support teams also have contact with the support team of the identity provider vendor. Note that Microsoft does not support the partner identity provider product; the partner supports their own product.
- Federation between a partner identity provider and Office 365 has passed certain tests and met other requirements as outlined in the program guide. If any tests were exempted for a particular identity provider partner, those exemptions will be listed along with the qualification.
- For an on-premises identity provider vendor solution, qualification is specific to a particular version of the identity provider product. Any qualified on-premises identity provider vendor must pass the requirements for every subsequent version of their solution that they want to be qualified.
- For a cloud STS vendor solution, qualification is valid for one year. One year after the last qualification, any on-boarded cloud STS vendor must pass the requirements for their then-current identity provider offer.
Qualification does not mean that Microsoft endorses or sponsors a particular identity provider or solution. It also does not mean that Microsoft makes any representations or warranties about any particular identity provider or solution.
Benefits of the program for identity provider vendors
For identity provider vendors, the Works with Office 365 – Identity program offers interoperability documentation, automated testing tools, and the opportunity to be qualified as a solution that has undergone testing, which gives customers confidence in its interoperability with Office 365.
The requirements for an identity provider vendor to get qualified in the program are listed in the program guide, which also has links to documentation, tools, and resources available for interoperability.
— Paul Andrew