Works with Office 365 – Identity program

Published September 3, 2013 (last modified July 22, 2022). Original URL: https://www.microsoft.com/en-us/microsoft-365/blog/2013/09/03/works-with-office-365-identity-program/

Editor’s note 10/3/2016: As we continue to expand the number of qualified third-party identity providers, the “Works with Office 365 – Identity Program” has been updated and is now the “Azure AD Federation Compatibility List.”

Paul Andrew, @pndrw, is technical product manager for Identity Management on the Office 365 team.

Your company directory is the list of users who can sign in to use applications, and the users you can look up in order to send an email or grant access to documents. Office 365 provides three ways for you to manage user accounts in your directory: cloud identity, directory synchronization, and federated identity, all described in this post. Customers using the third way, federated identity, often need to integrate Office 365 with an existing (third-party) identity provider that holds their directory. The Works with Office 365 – Identity program, which we also describe here, facilitates this process by qualifying third-party identity providers for use with Office 365.

Three ways to manage user accounts in Office 365

1. Cloud identity: Users are created and managed in Office 365 and are stored in Windows Azure Active Directory (AD). There is no connection to any other directory.

Cloud identity has no integration requirements. Each user is created once in the cloud, and the account exists only in Windows Azure AD.

2. Directory synchronization: Users are created and managed in an on-premises identity provider and are synchronized to Windows Azure AD, where they can be used to log in to Office 365.

Directory synchronization takes an existing on-premises directory and synchronizes it to Windows Azure AD. This synchronization can be done from an on-premises Active Directory using the Directory Synchronization tool, or from a non-AD on-premises directory using PowerShell and the Azure AD Graph APIs. Because accounts are managed on-premises, their properties cannot be edited through the Office 365 cloud interface. If you’re using the Directory Synchronization tool with Active Directory, password hashes can also be synchronized so that users can log in with the same password on-premises and in the cloud. For more information about directory synchronization and password hash synchronization, see the TechNet documentation for Directory Sync and Password Sync.

3. Federated identity: In addition to directory synchronization, login requests are handled by the on-premises identity provider. Federated identity is usually used to implement single sign-on.

With federation, the user signs in through the federated identity provider, which performs the password check. Directory synchronization is still required as a prerequisite in order to populate the cloud-based directory. Many Office 365 customers using federated identity rely on Active Directory Federation Services, which validates login passwords against the on-premises Microsoft Active Directory infrastructure. Other customers use third-party identity providers, and Microsoft supports Office 365 when it is connected to a variety of qualified third-party identity providers. Here are the federation options: