The following identity providers were tested for compatibility with Azure Active Directory by Microsoft, or by Oxford Computer Group on behalf of Microsoft, against a set of use cases common with Azure Active Directory. These tests were validated on or before April 2018.
Note: Microsoft tested only the federation functionality of these single sign-on scenarios. Microsoft did not perform any testing of the synchronization, two-factor authentication, etc. components of these single sign-on scenarios. Use of Sign-in by Alternate ID to UPN is also not tested in this program.
Important: Since these are third-party products, Microsoft does not provide support for the deployment, configuration, troubleshooting, best practices, etc. issues and questions regarding these identity providers. For support and questions regarding these identity providers, contact the supported third-parties directly. These third-party identity providers were tested for interoperability with Microsoft cloud services using WS-Federation and WS-Trust protocols only. Testing did not include using the SAML protocol.
The following is the scenario support matrix for this sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
| Modern Applications using ADAL such as Office 2016 | Supported | None |
For more information about using Azure Active Directory with AD FS see Active Directory Federation Services (ADFS).
For more information about using Azure Active Directory with Password sync see Azure AD Connect.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | Integrated Windows Authentication is not supported |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | Integrated Windows Authentication is not supported |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information, see AuthAnvil Single Sign On..
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Not Supported | Not Supported |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information about BIG-IP Access Policy Manager, see BIG-IP Access Policy Manager.
For the BIG-IP Access Policy Manager instructions on how to configure this STS to provide the single sign-on experience to your Active Directory Users, download the pdf BIG-IP.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information about CA SiteMinder, see CA SiteMinder Federation.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information about Dell One Identity Cloud Access Manager, see Dell One Identity Cloud Access Manager.
For the instructions on how to configure this STS to provide the single sign-on experience to your Office 365 Users, see Configure Office 365 Users.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | Integrated Windows Authentication is not supported |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | Integrated Windows Authentication is not supported |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information see DigitalPersona Composite Authentication.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information see ForgeRock Identity Platform Access Management V5.x.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information about IBM Tivoli Federated Identity Manager, see IBM Security Access Manager for Microsoft Applications.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | Integrated Windows Authentication is not supported |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | Integrated Windows Authentication is not supported |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information about IceWall Federation, see IceWall Federation Version 3.0 and IceWall Federation with Office 365.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | Integrated Windows Authentication is not supported |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | Integrated Windows Authentication is not supported |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information about MobileIron see MobileIron or this password protected document.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information, see NetIQ Access Manager.
The following is the scenario support matrix this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | Integrated Windows Authentication |
| Email-rich clients such as Outlook and ActiveSync | Supported |
For more information about client access polices see Limiting Access to Office 365 Services Based on the Location of the Client.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For the PingFederate instructions on how to configure this STS to provide the single sign-on experience to your Active Directory users, see one of the following:
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | Integrated Windows Authentication |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information about RadiantOne CFS, see RadiantOne CFS.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | None |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
For more information about SecureAuth, see SecureAuth IdP.
The following is the scenario support matrix for this single sign-on experience:
| Client | Support | Exceptions |
| Web-based clients such as Exchange Web Access and SharePoint Online | Supported | Kerberos Contracts supported |
| Rich client applications such as Lync, Office Subscription, CRM | Supported | None |
| Email-rich clients such as Outlook and ActiveSync | Supported | None |
Sign&go 5.3 supports Kerberos authentication via configuration of a Kerberos Contract. For assistance with this configuration, please contact Ilex or view the setup guide Sign&go