Integrating Office 365 with WSO2 Identity Server

Pamoda Wimalasiri
4 min read · Sep 22, 2018

Introduction

Microsoft 365 is a complete, intelligent solution that empowers everyone to be creative and work together, securely. It has become a successful and continuously growing corporate solution. Ever-present mobile devices enable the user to work from anywhere and access the information they need from everywhere.

By concentrating everything in the cloud, Office 365 offers increased productivity and better support through Microsoft's own tools and infrastructure. It also has the flexibility of integrating with your company's on-premises solutions if needed.

Adoption can become a challenge for companies that move to Office 365 from their on-premises solutions. Companies might have to put a lot of time and effort into manually migrating their IT infrastructure to the cloud. The datastore options are limited, and often the entire corporate user store has to be migrated. This gets more difficult because Office 365 requires its users to be present in the cloud, and integration becomes more complex when the current system is not compatible with the tools supported by Microsoft.

WSO2 Identity Server provides the integration with Office 365 in a simple way. Once the integration is done, WSO2 Identity Server itself handles the authentication and the user synchronization with the cloud.

Fig.1 — Integrating Office365 with WSO2 IS

Key Features of WSO2 Solution for Office 365 Integration

Role-Based on-demand user synchronization

Microsoft Office 365 requires users in on-premises user stores to be synced to Microsoft Azure Active Directory in the cloud. The WSO2 IS Office 365 integration allows the users to be provisioned to Azure AD without any external tools or additional effort.

The WSO2 IS integration with Office 365 uses federated identity, which means the password or password hash is not synchronized to Azure AD, since user authentication is performed by the on-premises WSO2 IS.

The WSO2 IS Office 365 Outbound Provisioning Connector handles the user synchronization between the on-premises user store and Azure AD.

Role-based user synchronization makes it possible to provision users when they are assigned a pre-defined role and to de-provision them when the role is removed.

WSO2 IS further simplifies user synchronization with its on-demand user provisioning capability. Users in the on-premises user store are automatically provisioned to Azure AD at their first successful login to Office 365.

There are two ways of triggering the role-based user provisioning connector.

  • On-demand user provisioning via adaptive authentication
    Any existing user in the on-premises user store can log in to Office 365 via identity federation. The role specified for provisioning is then assigned, if not already present, to each user who authenticates successfully.
  • Manual user role assignment/de-assignment
    The administrator can assign or remove the role specified for provisioning for users.
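As an added illustration of the on-demand path above (this is example code, not the article's or WSO2's own), here is the shape of an adaptive authentication script for the Office 365 service provider that assigns the provisioning role at the first successful login and skips users who already hold it. The role name and the step number are assumptions; `executeStep`, `hasRole`, `assignUserRoles` and `Log` are supplied by the WSO2 IS adaptive authentication framework at runtime.

```javascript
// Adaptive authentication script for the Office 365 service provider in WSO2 IS 5.7.
// Assumptions not taken from the article: the provisioning role is named
// "office365Provisioning" and the on-premises login is authentication step 1.
var PROVISIONING_ROLE = 'office365Provisioning';

var onLoginRequest = function (context) {
    executeStep(1, {
        onSuccess: function (context) {
            var user = context.currentKnownSubject;
            // Assign the role only once: the Office 365 outbound provisioning
            // connector reacts to the new role membership and creates the user in Azure AD.
            if (!hasRole(user, PROVISIONING_ROLE)) {
                assignUserRoles(user, [PROVISIONING_ROLE]);
                Log.info('Provisioning role assigned to ' + user.username);
            } else {
                Log.info('User ' + user.username + ' already holds the provisioning role');
            }
        },
        onFail: function (context) {
            // A failed local login must never trigger provisioning.
            Log.info('Local authentication failed; no provisioning role assigned');
        }
    });
};
```

De-provisioning stays a manual administrative action in this design: removing the role from the user is what the connector acts on.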

Group-based license management

WSO2 IS integration with Office 365 provides efficient license management capability using the Azure AD’s group-based license management feature.

In Azure AD, admins can assign licenses to security groups. Licenses are assigned or removed when a user joins or leaves the group.

The WSO2 user synchronization solution allows users to carry a special attribute that qualifies them for a specific group in Azure AD at the time they are provisioned via the IS. Thus users are dynamically added to groups and assigned licenses without any additional overhead.

Why WSO2 IS for Office 365 Authentication

Heterogeneous user stores

  • To use Office 365 in the conventional way, users in on-premises Active Directory (AD) must be connected to Microsoft Azure Active Directory in the cloud. The traditional Microsoft approach limits your user store to Active Directory: either you use on-premises AD or you move/create your user base in the Azure AD cloud. WSO2 IS lifts this limitation and lets you connect to Office 365 applications using your existing user base, regardless of the underlying technology.

Multi-factor authentication

  • Multi-factor authentication (MFA) creates a layered defense and makes it more difficult for an unauthorized person to access resources.

SSO and SLO with other enterprise and community applications

  • Enables users to provide their credentials once and obtain access to multiple applications until their session is terminated.

Let’s have a look at how easy it is…

The figure explains the flow of the events demonstrated in the video.

Conclusion

This article introduced the newest feature of WSO2 Identity Server 5.7, which handles the integration with Office 365. Once the integration is done, WSO2 IS handles the authentication and the provisioning of users.

In the next articles in this series, we will discuss how to configure WSO2 IS for this integration.

Written by Pamoda Wimalasiri

Associate Technical Lead @ WSO2 focused on the IAM domain