{"id":111973,"date":"2024-07-08T22:03:51","date_gmt":"2024-07-09T02:03:51","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=111973"},"modified":"2026-01-22T05:12:52","modified_gmt":"2026-01-22T10:12:52","slug":"enable-microsoft-365-entra-id-ws-federation","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation","title":{"rendered":"Enable Microsoft 365\/Entra ID WS-Federation"},"content":{"rendered":"\n<p>Use JumpCloud as your Identity Provider (IdP) for Microsoft-dependent users by configuring Web Services Federation (WS-Fed). Although WS-Fed is a Single Sign-On protocol similar to SAML SSO, it provides support for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Windows Add Work Account AAD Join (for Office apps or JC MDM)<\/li>\n\n\n\n<li>Select Office apps (web and clients)<\/li>\n\n\n\n<li>Windows onboarding Out-of-Box (OOBE) AAD Join<\/li>\n<\/ul>\n\n\n\n<p>Read this article to learn how to setup WS-Fed.<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A JumpCloud administrator account<\/li>\n\n\n\n<li>JumpCloud SSO Package or higher or SSO \u00e0 la carte option<\/li>\n\n\n\n<li>An <a href=\"https:\/\/jumpcloud.com\/support\/m365-sync#adding-and-authorizing-an-m365\/entra-id-sync-integration\">active and authorized M365 domain<\/a>\n<ul class=\"wp-block-list\">\n<li>Imported users must be created with a <a href=\"https:\/\/jumpcloud.com\/support\/sync-users-and-groups-from-jumpcloud-to-m365-azure-ad#connecting-users-to-an-m365\/entra-id-directory-instance\">connected<\/a> domain to map Immutable ID<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>A user with the Global administrator role in M365 and a Microsoft P1 license<\/li>\n\n\n\n<li><a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/enterprise\/connect-to-microsoft-365-powershell?view=o365-worldwide#connect-with-the-microsoft-azure-active-directory-module-for-windows-powershell\">Microsoft Graph PowerShell<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>When users are federating as part of an OOBE flow, authentication will fail if requiring Device Trust&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-adding-a-new-m365-application\">Adding a new M365 Application<\/h2>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>Skip this section if you have already configured <a href=\"https:\/\/jumpcloud.com\/support\/sso-with-m365\">SSO with Microsoft 365\/Entra ID<\/a><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Login to the\u00a0<a href=\"https:\/\/console.jumpcloud.com\/login\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin portal<\/a>.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\"\/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>If your data is stored outside of the US, check which login URL you should be using depending on your region. If your organization uses LDAP, RADIUS, or requires firewall allow list configuration, the Fully Qualified Domain Names (FQDNs) will also be region specific. See <a href=\"https:\/\/jumpcloud.com\/support\/jumpcloud-data-centers\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Data Centers<\/a> for the URLs, FQDNs, and IP addresses.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Go to <strong>Access &gt; SSO Applications<\/strong>.\u00a0<\/li>\n\n\n\n<li>Configure <a href=\"https:\/\/jumpcloud.com\/support\/sso-with-m365\">SSO with Microsoft 365\/Entra ID<\/a> and ensure the<strong> IdP Entity ID<\/strong> is the name of the domain you want to federate.<\/li>\n\n\n\n<li>Select the newly created application and copy the application ID from its URL.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>To find the application ID, open the application in the JumpCloud Admin Portal. If the URL is <kbd>https:\/\/console.jumpcloud.com\/#\/applications\/663a8fb979aa83c58df6081e\/details<\/kbd>, the application ID is <kbd>663a8fb979aa83c58df6081e<\/kbd>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-federating-the-domain\">Federating the Domain<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>If not installed, install <a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/enterprise\/connect-to-microsoft-365-powershell?view=o365-worldwide#connect-with-the-microsoft-azure-active-directory-module-for-windows-powershell\">Microsoft Graph PowerShell<\/a>.<\/li>\n\n\n\n<li>Run <kbd>Get-MgDomain |&nbsp; Select Id, AuthenticationType<\/kbd> to see list of domains (domain will show as <strong><em>managed<\/em><\/strong>).<\/li>\n\n\n\n<li>If necessary, log into your MS Tenant.<\/li>\n\n\n\n<li>In a new tab, copy and paste the following URL:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p><kbd>https:\/\/sso.jumpcloud.com\/wsfed\/:appID\/commands<\/kbd><\/p>\n<\/div><\/div>\n\n\n\n<ol start=\"5\" class=\"wp-block-list\">\n<li>Replace <kbd>:appID<\/kbd> with the Application ID copied in the previous section and hit <strong>Enter<\/strong><\/li>\n\n\n\n<li>Copy the output<\/li>\n\n\n\n<li>In Powershell, paste the command that was generated and hit <strong>Enter<\/strong>.<\/li>\n\n\n\n<li>If successful, it will take you back to the prompt.<\/li>\n\n\n\n<li>Verify the domain is federated by rerunning <kbd>Get-MgDomain |&nbsp; Select Id, AuthenticationType<\/kbd> to see list of domains (domain will now show as <strong><em>federated<\/em><\/strong>).<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-logging-into-the-federated-domain\">Logging into the Federated Domain<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in as a user to the <a href=\"https:\/\/console.jumpcloud.com\/userconsole#\/\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud User Portal<\/a>.<\/li>\n\n\n\n<li>Click <strong>I understand<\/strong> at the <strong>Password Update Notice<\/strong>.<\/li>\n\n\n\n<li>In the User Portal, select the <strong>Microsoft 365<\/strong> tile and sign in.<\/li>\n\n\n\n<li>If successful, you will be taken to your M365 portal.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Use JumpCloud as your Identity Provider (IdP) for Microsoft-dependent users by configuring Web Services Federation (WS-Fed). Although WS-Fed is a [&hellip;]<\/p>\n","protected":false},"author":205,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2855,2902],"support_tag":[],"coauthors":[2839],"class_list":["post-111973","support","type-support","status-publish","hentry","support_category-apps-and-integrations","support_category-sso"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.3.1 (Yoast SEO v25.3.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Enable Microsoft 365\/Entra ID WS-Federation - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to configure WS-Fed to support JumpCloud&#039;s Microsoft-dependent users.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Enable Microsoft 365\/Entra ID WS-Federation\" \/>\n<meta property=\"og:description\" content=\"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-22T10:12:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2025\/10\/Site-Display-Images-Support.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Joy Jaswinski\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation\",\"url\":\"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation\",\"name\":\"Enable Microsoft 365\/Entra ID WS-Federation - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2024-07-09T02:03:51+00:00\",\"dateModified\":\"2026-01-22T10:12:52+00:00\",\"description\":\"Learn how to configure WS-Fed to support JumpCloud's Microsoft-dependent users.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Enable Microsoft 365\/Entra ID WS-Federation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Enable Microsoft 365\/Entra ID WS-Federation - JumpCloud","description":"Learn how to configure WS-Fed to support JumpCloud's Microsoft-dependent users.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation","og_locale":"en_US","og_type":"article","og_title":"Enable Microsoft 365\/Entra ID WS-Federation","og_description":"Browse the JumpCloud Help Center by category, search for a specific topic, or check out our featured articles.","og_url":"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation","og_site_name":"JumpCloud","article_modified_time":"2026-01-22T10:12:52+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2025\/10\/Site-Display-Images-Support.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"2 minutes","Written by":"Joy Jaswinski"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation","url":"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation","name":"Enable Microsoft 365\/Entra ID WS-Federation - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2024-07-09T02:03:51+00:00","dateModified":"2026-01-22T10:12:52+00:00","description":"Learn how to configure WS-Fed to support JumpCloud's Microsoft-dependent users.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/enable-microsoft-365-entra-id-ws-federation#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Enable Microsoft 365\/Entra ID WS-Federation"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/111973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/205"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/111973\/revisions"}],"predecessor-version":[{"id":138452,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/111973\/revisions\/138452"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=111973"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=111973"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=111973"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=111973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}