Setting up SSO to access your Office 365 SharePoint site is done using a REDIRECT Protocol.
You can think of an application configured with the REDIRECT protocol as a bookmark in SSO. It isn't enforcing an IdP initiated logon, but instead is simply redirecting a new tab to the destination URL. In the case of SharePoint Online, the redirect hits yourcompany.sharepoint.com in an attempt to gain access to the resource. If you are not yet logged into Office 365, then a prompt is shown. When you are federated like you are with AuthAnvil, as soon as you type your email address it will automatically redirect back to AuthAnvil using SP initiated logon. Since you are already logged into AuthAnvil, it gets its SSO token and then redirects back to Sharepoint... properly logged in.
If you were logged into Office 365 already, then you won't see the Office 365 prompt. It will do the SP-Init behind the scenes and automatically allow you to the resource.
So as a recap:
Scenario 1
1. User signs into AuthAnvil SSO.
2. User clicks Sharepoint Online icon
3. User is REDIRECT to companyname.sharepoint.com
4. If already logged into Office 365, allows you right in.
5. If not logged into Office 365, it prompts for username / password, or a previous logged in identity selector.
6. As soon as username is entered (or selected), Office 365 sees the domain is federated and conducts an SP-Init to AuthAnvil
7. AuthAnvil sees you are already logged in, issues the federated token and redirects back to Sharepoint
8. The user is logged in.
Scenario 2
1. User goes to companyname.sharepoint.com directly.
2. If not logged into Office 365, it prompts for username / password, or a previos logged in identity selector.
3. If already logged into Office 365, allows you right in.
4. As soon as username is entered, Office 365 sees the domain is federated and conducts an SP-Init to AuthAnvil
5. User logs into AuthAnvil SSO
6. AuthAnvil automatically creates federated token and redirects back to Sharepoint.
7. The user is logged in.
The users need to be logged into Office 365 before anything can happen. This is by design, and is the only supported way Microsoft allows it. To our knowledge there is nothing else we can do about how MS supports this. The REDIRECT protocol was built so you can create fast links to direct content like Sharepoint Online.
We can add a direct link in SSO to your Office 365 SharePoint site using the following steps.
Note: This has only been tested with SSO v4.1.1 and newer.
Open AA Manager > Single Sign On > Applications.
Select Add New Application, Name it SharePoint.
Select Protocol Configuration, select Protocol and choose Redirect
Use your SharePoint Domain login as the Reply to URL and Audience URI.
Add the Application to the appropriate SSO Role for your users and have them Log into https://(your domain)/sso to access SharePoint!
Questions?
If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.