Implement a Single Sign-On Solution for Live@edu


Applies to: Live@edu

Topic last modified: 2014-01-03

A single sign-on solution lets users move between on-premises resources and the cloud without having to sign in multiple times. You can add a single sign-on solution to an existing Web portal by using the single sign-on software development kit (SSO SDK) provided by the Microsoft Live@edu program. This will let you map on-premises credentials to Windows Live IDs so you can customize your Web portal to enable pre-authentication of users and add an e-mail entry point. Users can then access their cloud-based mailbox from your Web portal without having to provide a different set of credentials.

The SSO SDK includes a complete guide to implementation.

The SSO SDK requires the following:

  1. All users who access the SSO solution must have credentials in your internal directory service and a Windows Live ID that’s used to access the service.

  2. A Web portal where users authenticate.

  3. Your domain must have short-lived token (SLT) functionality enabled.

    We set up this functionality for you after you make your SSO request in the Live@edu Service Management Portal.

The server on which you implement the SSO solution has to meet the following requirements.


Prerequisite Description

Operating system

Windows Server 2003 or Windows Server 2008


Microsoft .NET Framework or later

Security certificate

The security certificate is used to authenticate to Windows Live servers.

Note We provide the certificate to you after you make your SSO request in the Live@edu Service Management Portal.

Next steps

In the Live@edu service management portal, select Single sign-on. Then, click Request SSO Support to request the SSO SDK and certificate.

After we process your request, we'll send you an e-mail message that includes instructions about how to download the SSO SDK and certificate. This e-mail will be sent to the administrator account for your domain and any additional contacts on your account record. You can update your account record by signing in to the Live@edu Service Management Portal and clicking Institution Profile. Windows Live ID services will enable SLT functionality for your domain.

For more information about user authentication, see Live@edu Authentication Scenarios.

Managing your security certificate

After you’ve set up SSO, you must keep your certificate current. If the certificate expires, users won’t be able to sign in. Starting a month prior to the expiration date, you’ll receive an e-mail notification with instructions for how to update your certificate. These notifications will be sent to the addresses listed for your domain on the Institution Profile page of the Live@edu Service Management Portal.

To check when your certificate is due to expire, type the Web address of your sign-in page in your browser, click the yellow padlock icon, click View Certificates, and then examine the Valid from field.

Related help topics
No resources were found.