The PingFederate Office 365 Provisioner enables enterprises to provision users and groups to Office 365.
The Office 365 Provisioner includes a quick connection template to easily set up a
connection with Office 365, which can be used for single sign-on (SSO), provisioning, or
both. The provisioner makes use of the Microsoft Graph API to communicate with Azure, which
acts as the user and group repository for Office 365. The provisioner includes licensing
disabledPlans attributes) and the
ability for managers to be assigned to provisioned users (
This provisioner is for outbound provisioning only and is not intended for inbound or hybrid environments.
- Browser-based SP and IdP-initiated SSO
- Includes support for user and group life cycle management (including creates, updates, disables, and deletes).
- Includes configuration options for workflow capabilities (for example, the ability to disable updates).
This document is intended for PingFederate administrators.
If you need help during the setup process, see the following resources:
- The following Knowledge Base article:
- The following sections of the PingFederate documentation:
- PingFederate 9.0 or later.
- An existing Office 365 account.
- SSO requires the following:
- A domain that has been created for use as a federated domain and is accessible and DNS resolvable by Microsoft.
- Administrative access to modify DNS records for the federated domain.
- The PingFederate server must be externally accessible.
- A Windows platform in order to run SSO related configuration using Powershell. The Windows platform must be able to access the Azure management portal.