Microsoft ups the ante with SAML 2.0 authentication for simplified log-in across cloud and on-premise

Microsoft has added Security Asserted Markup Language [SAML] 2.0 as a federated sign-in option to Office 365 in order to give on-premise Identity Providers more options when it comes to moving between cloud and on-premises services.

Related: The 7 New Year’s resolutions all enterprises should make for 2014

The company posted a blog announcing the move that comes alongside various other features that will mean that users moving between cloud and on-premises services won’t need to re-authenticate, and the move will assist Office 365 users that use an on-premises Identify Provider that isn’t Microsoft’s Active Directory.

SAML 2.0 provides account synchronisation, sign-on federation, and wider passive authentication that allows single sign-on for Office web-based applications and at some point in the future for Office desktop clients. Passive authentication means that a user only has to enter credentials once through a web form from the identity provider in order to access most services.

The new implementation means admins can now configure the Windows Azure Active Directory to be used with other SAML 2.0 apps and services alongside its current use for all Office 365 identity management as well as support for WS-Federation, WS-Trust and Shibboleth for sign on federation.

Paul Andrew, the technical product manager for Office 365 that wrote the blog, also added that passive authentication for Office desktop applications will be arriving at some point in 2014, the exact date yet to be confirmed.

Adding SAML 2.0 to Office 365 is just the latest in a number of measures that Microsoft has put in place concerning log-in and authentication when using the productivity suite.

Related: The impact of the cloud on you network, part 1: Infrastructure

SAML is a popular way to allow other companies to integrate that aren’t necessarily listed as authentication partners and it’s an approach that Dropbox for Business also took when implementing new authentication methods.