Single sign-on behavior on a device that uses Office 365 apps

An example on how to configure an account on a device when single sign-on is enabled.

Users can directly access apps that use single sign-on without typing a password. However, users must manually authenticate with one of these apps (Office 365 Mail, SharePoint, RMS, or OneDrive) by using a username and a password.

When a user signs in to an app, MaaS360 generates a token and uses that token to authenticate with other apps that are marked for single sign-on.

  • MaaS360 does not store passwords.
  • MaaS360 only stores authentication tokens and uses those tokens for subsequent logins.
  • MaaS360 ensures that tokens are automatically refreshed when the tokens expire. If a password has changed on the cloud, users must authenticate again with the new password.
The following images provide an example of single sign-on behavior on the device for a new user:
  1. In the initial account configuration screen, click Sign in.
    Manual authentication

    The authentication screen that is configured by the administrator is displayed.

  2. Provide a username and a password.
    Authentication screen

    If authentication is successful, users can directly access email and doc resources without typing passwords.

  3. When users open email or doc resources, a Single Sign On dialog is displayed. By default, the enrollment email ID is populated, but users can clear that email ID and provide the email ID that is registered for Office 365.
    Modern auth email switch