SSO with office 365

Question

We have an on-premise website at the moment and I need to make it public, but require users to log in with their office 365 username and password.

My problem is that I've looked everywhere and can't seem to find an implementation for ubuntu servers.

I've also seen many instances of syncing office 365 accounts to the on-premise AD accounts, but not the opposite.

Ideally it should be implemented through Single Sign On.

Answer 1

There are two most likely approaches to achieve this:

1. Configure SAML SSO in your application then use Azure AD as the IdP (as in Bernhard's comment). This will allow your application to gain information passed within the Saml token. You'll still need to present the site to the Internet via some sort of reverse proxy
2. Consider placing your website behind Azure App Proxy. This will allow you to publish the site over the Internet without having to open any firewall ports, and will allow you to use KCD to log users in without having to configure anything in your application, simply enabling Windows Integrated Authentication. This provides two very important benefits: 1) Unauthenticated visitors cannot hit the site at all, providing significant DDoS/attack protection, and; 2) No reverse proxy or other appliances are required, typically

Answer 2

You need to register your website as an Azure AD application, which will provide you with an app id and app secret. Your website will then need to implement the oauth 2.0 flow. Microsoft provides libraries for most platforms but if they don't have one for yours, everything is accessible through REST calls.