Product Notice - IDaaS and Office 365 apps

Updated 2 years ago by admin

Microsoft do not make it possible to place a third party service, such as the IDaaS product, in between Azure AD authentication and Office 365 apps, if Azure AD is also managing authentication for the domain. It is possible to use an external Identity Provider however this may not be desirable.

You can still add Office 365 apps to your catalog for end-users however the IDaaS product will be bypassed as Office 365 will communicate directly with Azure AD.

The following options are available:

  • Microsoft have a feature called Conditional Access Custom Controls which is in preview at the time of writing (see external link). If you have access to this preview, please contact your service provider for more information on using this feature with the IDaaS product.
  • Allow OAuth 2.0 ROPC authentication of federated users for legacy applications. This uses the AD Connect SOAP API to synchronise passwords and passwords have to be entered via a custom IDaaS product form. This is not a Microsoft supported solution however it is included here for completeness.
  • In time, the USS platform will be able to act as an Identity Provider, with password management and password reset managed via the existing Active Directory section. The Azure AD domain can then be federated to use the USS platform as an Identity Provider, in a similar way to using another Identity Provider, such as JumpCloud or Google Workspace directory.

How did we do?