Office365 is the ServiceProvider or RP.
CA SSO is the IdentityProvider or AP.
In this case if there are no Alumni credentials in the onPremise IdentityStore which the onPremise CA SSO uses, how can we Authenticate?
I would say for Students use Federated SSO and for non Student i.e. Alumni use Cloud Identity - if there is way in Office 365 to ascertain based on credentials OR different logon URLs.
The other alternative is to create the sync engine between Office 365 Cloud and onPremise IdentityStore. Once the Identities are synced then you can use a single logon and Federated access for all users.
https://blogs.office.com/2014/05/13/choosing-a-sign-in-model-for-office-365/
Regards
Hubert