Today while I was prepping for a training I'll be delivering on Office 365, I came across a very interesting discovery: Office 365 supports SAML 2! I get a lot of emails about this, so I wanted to explain real quick.
The training course is about how to set up Web SSO to Office 365 using a federation server other than ADFS, namely PingFederate from our partner Ping Identity. When I worked out how to do this a year and a half ago, I explained at CIS how it required WS-Federation. While prepping my slides today, though, I saw something that tipped me off to the possibility of doing it using SAML 2. While looking around for the reference docs for the MSOL PowerShell commands, I found this page explaining how to set up SSO to Office 365 using Shibboleth. From this, I figured that Shib supported WS-Fed, which surprised me a bit. Curious, I looked at the following snippet which is shown on that page for establishing the trust between Shibboleth and Microsoft Azure Active Directory: