Update the Live@edu SSO Toolkit to maintain single sign-on access on Office 365 Education

** Update October 8, 2014 **

Please check the Office 365 Message Center for the most recent information on support for the Live@edu SSO Toolkit 4.5 Update in Office 365.

The Message Center, inside the Office 365 admin center, is the best way to stay informed about updates to your Office 365 service. The Message Center provides information tailored to your specific configuration, including alerts about actions you need to take to keep your service running smoothly. Learn more.

** end update **

The Live@edu SSO Toolkit 4.5 Update is an interim solution in Office 365 Education to give you more time to implement federation after the upgrade.

This update enables the Live@edu SSO Toolkit to continue working before, during, and after the upgrade from Live@edu to Office 365 Education.

Important: It is recommended to install the Live@edu SSO Toolkit 4.5 Update before the Live@edu Upgrade and verify users can still sign in to Live@edu via your web portal.

If you have not applied the Live@edu SSO Toolkit 4.5 Update, the SSO Toolkit will stop working partway through the Live@edu Upgrade .

• Learn more about the Live@edu SSO Toolkit 4.5 Update
• Download the Live@edu SSO Toolkit 4.5 Update 

What is the Live@edu SSO Toolkit

The Live@edu SSO Toolkit allows users to access SkyDrive or Outlook Live from an on-premises web portal without a secondary credential challenge from the Live@edu authentication platform.

A pre-installed security certificate (provided to the school by Microsoft) establishes a trust between the on-premises web portal and the Live@edu authentication platform. This trust relationship delegates user authentication to the on-premises web portal and eliminates the need for the user to provide a password for authentication to Live@edu.

Basic overview of Single Sign-On with Live@edu

• A user browses to a school’s on-premises web portal, e.g. https://portal.contoso.edu, and provides her/his on-premise username and password.

• The web portal presents to the user an HTML page containing a “My Mailbox” link.

• When the authenticated user clicks the "My Mailbox" link, the web portal looks up the user's Microsoft account ID in the on-premises directory service.

• The on-premises web portal server passes the Microsoft account ID and the pre-installed security certificate to a Microsoft SOAP (Simple Object Access Protocol) service, and a Short-Lived Token (SLT) from Microsoft is received by the on-premises web portal server over SSL.

• Skip ahead a few steps...Single Sign-On happens.

• The user transfers seamlessly to her/his SkyDrive or Outlook Live mailbox without being prompted for credentials a second time.

What about PCNS (Live@edu Password Synchronization)?

The Live@edu SSO Toolkit is a Single Sign-On solution for browser clients.

If you are using Live@edu Password Synchronization in combination with the Live@edu SSO Toolkit to allow email rich-clients, smart phones, and other devices to connect to Live@edu, then you may wantto investigate password synchronization on Office 365.

For additional information, please see the following resources:

• Making it simple to connect Windows Server AD to Windows Azure AD with password hash sync
• Implement Password Synchronization

______________________________

Thanks for joining us today!

Zion Brewer

______________________________