Subscribe to Help Center RSS FeedTo connect Microsoft 365 to ºÚÁϺ£½Ç91Èë¿Ú, you can use our Microsoft 365 Integration, our Microsoft 365/Entra ID SAML connector, or both. Read this article to learn more about the benefits and use cases for each one and how they can be used together.
Key Differences
The following are key differences between the Microsoft 365 Directory Integration and Microsoft 365 SAML connector:
Microsoft 365 Directory Integration
- Is an OAuth2-based integration
- Enables user provisioning, attribute management, and user suspension in ºÚÁϺ£½Ç91Èë¿Ú
- Lets users log in to Microsoft 365 directly
- Requires Multi-factor Authentication (MFA) configuration in Microsoft
- Establishes ºÚÁϺ£½Ç91Èë¿Ú as the password authority once users log in to the ºÚÁϺ£½Ç91Èë¿Ú User Portal; whenever the user password or attributes change in ºÚÁϺ£½Ç91Èë¿Ú, ºÚÁϺ£½Ç91Èë¿Ú updates Microsoft 365
Microsoft 365/Entra ID SAML Connector
- Is a SAML 2.0-based integration
- Users are managed in ºÚÁϺ£½Ç91Èë¿Ú. Every Microsoft 365 user must also be a ºÚÁϺ£½Ç91Èë¿Ú user to log in to Microsoft 365
- Directs users to log in from a ºÚÁϺ£½Ç91Èë¿Ú log in page. If a user attempts to log into Microsoft 365 directly, they’re redirected to login via SSO
- Requires MFA configuration in ºÚÁϺ£½Ç91Èë¿Ú
- Doesn’t update passwords or attributes in Microsoft 365; users are always forced to authenticate against ºÚÁϺ£½Ç91Èë¿Ú.
- Users must be bound to an existing Microsoft 365 Directory Integration
ºÚÁϺ£½Ç91Èë¿Ú’s Microsoft 365 Integration uses OAuth to create a secure, persistent connection between Microsoft 365 and ºÚÁϺ£½Ç91Èë¿Ú. ºÚÁϺ£½Ç91Èë¿Ú becomes the authoritative source of identity, which lets you:
- Import existing Microsoft 365 users
- Export new ºÚÁϺ£½Ç91Èë¿Ú users to Microsoft 365
- Sync user attributes and passwords between ºÚÁϺ£½Ç91Èë¿Ú and Microsoft 365
- Centralize user provisioning and deprovisioning
- Give users one set of credentials to access ºÚÁϺ£½Ç91Èë¿Ú, Microsoft 365, and other resources you’ve integrated with ºÚÁϺ£½Ç91Èë¿Ú, like systems, RADIUS, and LDAP
Learn more:
- Tutorial:
- Read Microsoft 365 Directory Integration Overview.
The Microsoft 365 SAML Connector/Entra ID uses the Security Assertion Markup Language (SAML 2.0) to authenticate ºÚÁϺ£½Ç91Èë¿Ú users to Microsoft 365. Connect the Microsoft 365/Entra ID SAML connector to ºÚÁϺ£½Ç91Èë¿Ú to:
- Manage user access to Microsoft 365
- You can authorize user access to Microsoft 365, and you can suspend or delete user access to Microsoft 365:
- Learn more about authorizing user access to SAML applications
- Learn more about suspending a user account or deleting a user account
- You can’t import or export user accounts with our SAML connectors
- You can authorize user access to Microsoft 365, and you can suspend or delete user access to Microsoft 365:
- Map user attributes between ºÚÁϺ£½Ç91Èë¿Ú and Microsoft 365 so that you can customize user permissions and roles
- Give users one set of credentials to access ºÚÁϺ£½Ç91Èë¿Ú, Microsoft 365, and other resources you’ve integrated with ºÚÁϺ£½Ç91Èë¿Ú, like systems, RADIUS, and LDAP
Learn more:
If you want to use the M365 SAML/Entra ID Connector, it must be configured alongside the Microsoft 365 Directory Integration. Users who are not bound to an M365 Directory Integration will not be able to login using SSO because they will be missing the M365 immutable ID.
Using both the Microsoft 365 Integration and the Microsoft 365/Entra ID SAML Connector, you can centralize user provisioning, management, and deprovisioning and have fine-grained access management from ºÚÁϺ£½Ç91Èë¿Ú. You save time by doing your tasks in a single interface and users gain a consistent experience for accessing all their ºÚÁϺ£½Ç91Èë¿Ú and Microsoft resources.
In this Article