OpenID Connect vs SAML 2.0

OpenID Connect “versus” SAML 2.0

There are many differences between OpenID Connect and SAML 2.0 based single sign-on (see https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-vs-authorization for details). One important difference is that SAML is only for authentication, whereas OpenID Connect can be used to authenticate a user and to get authorization to access Microsoft 365 services such as Microsoft Graph, SharePoint or Power BI in one request.
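To make the difference concrete, the following added example (not the plugin's own code) builds both sign-in requests and shows that only the OpenID Connect request can carry scopes for a Microsoft 365 resource. The tenant id, client id, application URL, timestamp and the `User.Read` scope are constructed placeholders, and the hybrid `code id_token` response type is an assumption about how a client might combine both in one request.

```python
import base64, secrets, zlib
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders, not values from the page or the plugin.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
APP_URL = "https://www.example.com/"
LOGIN = f"https://login.microsoftonline.com/{TENANT}"

def oidc_request(resource_scopes):
    """One authorize request: 'openid' asks for authentication (ID token),
    the resource scopes ask for delegated authorization (code for an access token)."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code id_token",   # assumed hybrid flow
        "response_mode": "form_post",
        "redirect_uri": APP_URL,
        "scope": " ".join(["openid", "profile", *resource_scopes]),
        "state": secrets.token_urlsafe(16),  # binds the response to this browser session
        "nonce": secrets.token_urlsafe(16),  # binds the ID token to this request
    }
    return f"{LOGIN}/oauth2/v2.0/authorize?" + urlencode(params)

def saml_request():
    """SAML 2.0 AuthnRequest (HTTP-Redirect binding): it has no scope concept."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="_{secrets.token_hex(16)}" Version="2.0" '
        'IssueInstant="2024-01-01T00:00:00Z" '  # constructed timestamp
        f'AssertionConsumerServiceURL="{APP_URL}">'
        f'<saml:Issuer>{APP_URL}</saml:Issuer></samlp:AuthnRequest>'
    )
    deflater = zlib.compressobj(wbits=-15)   # raw DEFLATE, as the binding requires
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    return f"{LOGIN}/saml2?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def query_param(url, name):
    return parse_qs(urlsplit(url).query).get(name, [""])[0]

def requested_scopes(url):
    return query_param(url, "scope").split()

def decode_saml(url):
    return zlib.decompress(base64.b64decode(query_param(url, "SAMLRequest")), -15).decode()
```
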


Please note: When you configure SAML 2.0 based single sign-on, the plugin cannot get delegated access on behalf of the logged-in user for Microsoft 365 services. This means that the Microsoft 365 Apps that ship as part of the plugin, e.g. for Power BI, Content by Search (SharePoint Online), Documents (SharePoint Online / OneDrive) and Employee Directory (Microsoft Graph), cannot be used.

Other premium features, e.g. roles + access, custom user fields, avatar and user synchronization, can still be used, since they can be configured to use application-level permission.