Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

SAML Authentication - Azure AD license requirements?

Brass Contributor

I've set up a couple apps with SAML and they work great.  However, we're looking to switch users to the Microsoft 365 Business license really not sure what license we need for SAML auth to work.  I set up one user with this license and it works but I've been trying to find some official information.  Currently we use Office 365 Premium plus Enterprise Mobility + Security E3 and Office 365 ATP.  It seems we could probably replace all those with Microsoft 365 Business but I want to be sure that we'll have this SAML feature afterward. 

 

Thanks

7 Replies
SAML use requires azuread P1 licenses so you’ll need to get that or keep EMS which is what includes that functionality.

M365 comes with Azure AD P1, even the Business SKU has it, so you shouldn't need any additional SKUs. If you are talking about Office 365 Business, then you will need AAD P1 or equivalent EMS SKU.

Wow. You’re right. I totally read that as office 365. Doh.....hopefully you haven’t done anything yet OP ;). Microsoft 365 does include EMS so you’re good.

@Vasil MichevYes, I'm asking about M365, not O365. It doesn't seem like that's entirely accurate which is why the answer is so difficult to find.  Here's what I read in the FAQ

 

Does Azure Active Directory Premium P1 come with Microsoft 365 Business?

Microsoft 365 Business is built on technology from across Microsoft and while it shares some features with Azure Active Directory, it is not a full version. The security and management policies created in Microsoft 365 Business rely on some Azure functionality but does not include all features (e.g. self-service features, conditional access features, and reporting). Customers may choose to purchase Azure Active Directory Premium P1 or P2 as an add-on to Microsoft 365 Business. Please see the Microsoft 365 Business Service Description for more information

 

Can you tell by the Service Description if SAML is included or not?

Well, according to this, you can have up to 10 apps for sso per free azure ad, so if you only have a few apps for SAML, then you should be good to go. https://azure.microsoft.com/en-us/pricing/details/active-directory/

well that's just free teir, I guess it depends on how the sso is setup. Cause if it's the templates which most are, then it says you need P1..... this is a mess :P.

@Chris Webb 

The Azure AD pricing page makes it sound like I could use up to 10 apps from the gallery.  One of the apps I set up was in the gallery but the instructions I received from the vendor had me create a new app.  I could probably redo it using the gallery (pre-integrated) option if needed but still not sure if that's needed at this point.  It seems to work fine at the moment.