As you might have noticed, if your company has a 365 environment, you are unlikely to have SSO with it. Most of the time, when you enter the URL of your SharePoint Online landing page, say https://contoso.sharepoint.com/, you are prompted to enter your e-mail address. If you use the same e-mail address for a Microsoft Account and an Organizational Account, you'll get a second prompt inviting you to choose the type of account you want to sign in with.
If you need to integrate with 365 from an on-prem page and don't want your users to be prompted, there is a way, provided you're in a federated environment. The purpose of the initial login prompt is to tell 365 which target domain you want to visit. When you give your e-mail address, the part after the @ identifies that domain, and 365 checks whether or not you have established a federation for it. If so, you're redirected to the login page of your ADFS.
Here is a code example demonstrating this, with a Yammer Embed integration:
In this example, I start by checking for the presence of a cookie. The goal is to avoid injecting the iframe at every page refresh or for every page belonging to the same domain. By the way, this injection should be done from a master page, for instance, so that it is available to all the pages. If the cookie doesn't exist yet, inject the iframe, and notice the smart link where I specify contoso.com and the reply URL. We also attach an onload event handler, which is supposed to trigger once the iframe finishes loading. We call the doEmbed() function from that event handler. Of course, here you could call whatever you need to do with 365; embed is just an example.
Beware that the onload event might be triggered multiple times by the browser, including before the iframe has finished loading, in which case your post-authentication code would fail because the authentication hasn't been performed yet. So the post-authentication code should be robust enough to execute multiple times. The last time it is triggered will be the right one for sure. That's why, in this case, I added $("#embedded-feed").empty() in order to clear the DIV.
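A sketch of the flow described above, as an added example that is not the original post's code. The smart link shape (login.srf with whr and wreply), the cookie name, the reply-host allowlist, the direct doEmbed() call when the cookie already exists, and the Yammer feed options are assumptions.

```javascript
// Added example; names below are assumptions, not from the original post.
const COOKIE = "o365Primed";                              // hypothetical cookie name
const ALLOWED_REPLY_HOSTS = ["contoso.sharepoint.com"];   // constructed allowlist

// Build the smart link: whr carries the federated domain, wreply the reply URL.
function buildSmartLink(domain, replyUrl) {
  const reply = new URL(replyUrl);
  if (reply.protocol !== "https:" || !ALLOWED_REPLY_HOSTS.includes(reply.hostname)) {
    throw new Error("reply URL not allowed: " + replyUrl);
  }
  const link = new URL("https://login.microsoftonline.com/login.srf");
  link.searchParams.set("wa", "wsignin1.0");
  link.searchParams.set("whr", domain);
  link.searchParams.set("wreply", reply.href);
  return link.href;
}

function hasCookie(doc, name) {
  return doc.cookie.split("; ").some((c) => c.startsWith(name + "="));
}

// Inject the hidden iframe only when the marker cookie is absent.
// Assumption: when the cookie exists, the post-authentication code runs directly.
function primeLogin(doc, domain, replyUrl, onLoaded) {
  if (hasCookie(doc, COOKIE)) { onLoaded(); return null; }
  const frame = doc.createElement("iframe");
  frame.style.display = "none";
  frame.onload = onLoaded;                 // may fire more than once
  frame.src = buildSmartLink(domain, replyUrl);
  doc.body.appendChild(frame);
  doc.cookie = COOKIE + "=1; path=/; SameSite=Lax";
  return frame;
}

// Safe to run repeatedly: clear the container, then embed again.
function doEmbed() {
  $("#embedded-feed").empty();
  yam.connect.embedFeed({ container: "#embedded-feed", network: "contoso.com" });
}

// Runs only in a browser, with jQuery and the Yammer Embed script loaded.
if (typeof document !== "undefined") {
  primeLogin(document, "contoso.com", "https://contoso.sharepoint.com/", doEmbed);
}
```

Pinning the reply URL to an allowlist keeps the wreply value from being pointed at a host you do not control if the page ever builds it from variable input.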
Admittedly, it's not the nicest way of getting a transparent login, but it works provided you use a browser that supports integrated authentication with ADFS.
How to test?
Clear all your cookies, close your browser and navigate to your page. The embed control should automatically target your Yammer network without asking you to log in.