If you want to connect Microsoft 365 with JumpCloud using the SAML SSO connector, read about the setup considerations before you get started.
After you review the considerations, see SSO with Microsoft 365.
General Considerations
- See SAML Configuration Notes.
- SSO isn’t available for users until they’re synced to Microsoft 365 during JumpCloud’s integration with Microsoft 365. Learn how to integrate JumpCloud with Microsoft 365.
- When SSO is enabled, all users in the email domain you’re configuring SSO for are affected. After SSO is enabled, users aren’t able to log in to Microsoft 365 using password authentication.
- To successfully complete the SSO integration between JumpCloud and Microsoft 365, you must use a Global Administrator account in Microsoft 365.
- The default domain defined in Microsoft 365 must NOT be the domain used for SSO. This usually requires setting the *.onmicrosoft.com domain to default in the Microsoft 365 Portal.
- At this time, JumpCloud doesn’t support integration with GoDaddy’s implementation of Microsoft 365. This version has limited identity management capabilities that require SSO login with GoDaddy’s services to operate appropriately. Because of these requirements, we are prohibited from making changes to identities with the GoDaddy integration.
- Microsoft Applications: After a Microsoft 365 domain is federated, the Microsoft applications your employees use to access their email may work differently, especially older “legacy” applications.
- Read about Modern Authentication with Office 2013 and 2016.
- Learn about Enabling Modern Authentication for Microsoft 365.
AD Sync Considerations
- SSO with existing AD Sync – If you want to use JumpCloud’s SSO, but still use a local Active Directory to manage your Microsoft 365 users, you must import your users into JumpCloud using the Directories tool before SSO becomes available.
If AD Directory Sync is active for your organization, JumpCloud isn't able to update your users in Microsoft 365. SSO will still function based on users' JumpCloud login.
- If you are migrating your Microsoft 365 users from AD Sync to JumpCloud management, JumpCloud can’t manage the users until Directory Sync is disabled.
- To disable directory sync:
- Install the Azure Active Directory Module for Windows PowerShell.
- Run the Azure Active Directory PowerShell command:
Get-MsolCompanyInformation
- Select the DirectorySynchronizationEnabled field.
- To disable, run the command:
Set-MsolDirSyncEnabled -EnableDirSync $false
This setting applies to all domains in your Microsoft 365 account, not just SSO domains.
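The following pre-flight check is an added example, not JumpCloud's own tooling. It evaluates two of the considerations above (the SSO domain must not be the default domain, and an active Directory Sync stops JumpCloud from updating users) against the output of Get-MsolDomain and Get-MsolCompanyInformation. The function name Test-M365SsoReadiness and the sample tenant data are hypothetical.

```powershell
# Added example. Test-M365SsoReadiness is a hypothetical helper name.
function Test-M365SsoReadiness {
    param(
        [Parameter(Mandatory)] [string]   $SsoDomain,
        [Parameter(Mandatory)] [object[]] $Domains,      # shaped like Get-MsolDomain output
        [Parameter(Mandatory)] [object]   $CompanyInfo   # shaped like Get-MsolCompanyInformation output
    )
    $blockers = @()
    $warnings = @()

    $target = $Domains | Where-Object { $_.Name -eq $SsoDomain }
    if (-not $target) {
        $blockers += "Domain '$SsoDomain' is not present in this Microsoft 365 account."
    } elseif ($target.IsDefault) {
        # The default domain must NOT be the domain used for SSO.
        $fallback = $Domains | Where-Object { $_.Name -like '*.onmicrosoft.com' } |
            Select-Object -First 1
        $hint = if ($fallback) { "set '$($fallback.Name)' as default" }
                else { 'set the *.onmicrosoft.com domain as default' }
        $blockers += "'$SsoDomain' is the default domain; $hint before enabling SSO."
    }

    # With Directory Sync active, SSO still functions but JumpCloud can't update users.
    if ($CompanyInfo.DirectorySynchronizationEnabled) {
        $warnings += 'Directory Sync is enabled for ALL domains in the account; ' +
                     "JumpCloud can't manage users until it is disabled."
    }

    [pscustomobject]@{
        SsoDomain = $SsoDomain
        Ready     = ($blockers.Count -eq 0)
        Blockers  = $blockers
        Warnings  = $warnings
    }
}

# Constructed sample data (not from a real tenant), so the check runs offline.
$sampleDomains = @(
    [pscustomobject]@{ Name = 'example.com';             IsDefault = $true  }
    [pscustomobject]@{ Name = 'example.onmicrosoft.com'; IsDefault = $false }
)
$sampleCompany = [pscustomobject]@{ DirectorySynchronizationEnabled = $true }

Test-M365SsoReadiness -SsoDomain 'example.com' -Domains $sampleDomains `
    -CompanyInfo $sampleCompany | Format-List

# Against a live account, after Connect-MsolService:
# Test-M365SsoReadiness -SsoDomain 'example.com' -Domains (Get-MsolDomain) `
#     -CompanyInfo (Get-MsolCompanyInformation)
```

The check is read-only: it reports the Directory Sync state but never calls Set-MsolDirSyncEnabled.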
iOS Considerations
The iOS Mail client supports SSO. If you want to use JumpCloud’s SSO with the iOS Mail client, make sure to follow the steps below during configuration.
- On the device, go to Settings > Mail > Accounts > Exchange.
- Enter your email address and a description and click Next.
- Click Sign In. This will trigger the Safari redirect to the JumpCloud User Portal.