Can I use another domain name for log-in after Federation and DirSync?

I own the domain contoso.com, but for some reason I don't want this domain to be federated with O365. If I choose to federate with fs.contoso.com, will I be able to set users to use username@contoso.com to log in to O365?
Verified Answer
  • Hello Vkolev,

    Before moving on, I would like to confirm the detailed information about the requirement.
    You have added the custom domain “contoso.com” to Office 365. Moreover, you deployed Single Sign-On for users with the extension “contoso.com”, such as user1@contoso.com. Now, you have added a subdomain “fs.contoso.com” to Office 365 and created users with that extension, such as user2@fs.contoso.com.
    You need to let user2@fs.contoso.com sign in to Office 365 via Single Sign-On, and let user1@contoso.com sign in to Office 365 via cloud-based credentials. Have I got this right?

    If so, based on my test, it cannot be achieved in Office 365 currently.
    If a subdomain (here, fs.contoso.com) needs to be converted to a federated domain, the root domain (here, contoso.com) needs to be converted to federated first. Moreover, if the root domain is federated, the subdomain will be converted to federated too.

    If I misunderstand the issue, please feel free to post detailed information about the current situation and a detailed example of the requirement.

    Best regards,
    Claud

All Replies
  • Hi Claud,

    Thank you for your reply (this gives me a view of the picture). Let me describe my situation in more detail.

    - I have O365 cloud-based users who log in with: username@contoso.com

    - I have Active Directory with the following usernames: username@ad.contoso.com

    - I want to do Federation between my AD and my O365 cloud service to use SSO

    - I can't use the domain contoso.com as the federated domain

    - If I use some other domain like @other.com, will I be able to use @contoso.com again for logging in (like on cloud-based O365, where you choose from a list of available domains), or will I only be able to log in with the federated domain or its subdomain (@other.com or @xx.other.com)?

    Thanks in advance

  • Hello Vkolev,

    Thanks for your feedback.

    Based on my test, it isn’t available currently.
    As I mentioned in the last reply, in this case, the subdomain (here, ad.contoso.com) cannot be converted to a federated domain directly if the root domain (here, contoso.com) is not a federated domain.

    As for the last question:
    Do you mean that if one custom domain (here, other.com) is converted to a federated domain, can other users with another custom domain (here, contoso.com) extension use cloud-based credentials to sign in to Office 365?
    If so, yes.

    Best regards,
    Claud

  • Hello Vkolev,

    I'm writing to follow up my previous reply. 
    If you need further assistance on this issue, please feel free to post back.

    Best regards,
    Claud

  • Thanks for following this.

    Just one last quick one to completely close this.

    - If I use username@contoso.com before the O365 to local ADFS federation, and after federation I use username@external.com (as I can't federate contoso.com), will my users keep @contoso.com for sending and receiving mail, given that the new UPN and login name will be username@external.com?

    Regards Veselin

  • Yes, you can change your user UPN with the command Set-MsolUserPrincipalName. However, you should log in to OWA with your UPN, instead of using the email address.

    CYan

  • To confirm the information you have received, the UPN and SMTP addresses don't have to match, but you will want to plan your O365 and on-premises UPN/SMTP association very carefully.

    1.  If the O365 and on-premises UPNs match, then everything is good and you can stop here.

    2.  If the O365 and on-premises UPNs do NOT match, then the on-premises user object has to have an SMTP address that matches the O365 UPN.

    Basically, the UPN in O365 needs to be routable back to your ADFS server and then an address (UPN or smtp/SMTP) of the on-premises user needs to be associated with the object that matches the O365 UPN.

    Have a great day,

    Dan Trautman

    www.insecurityinc.info
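
The UPN/SMTP association rule from the post above, as an added example that is not part of the original thread: a PowerShell pre-flight check run over constructed sample accounts. The function names, the object layout and the sample users are assumptions for illustration; in a real environment the on-premises objects would be exported from Active Directory and the cloud UPNs from the Office 365 tenant.

```powershell
# Added example: classify each Office 365 UPN by the two cases in the post.
# All accounts below are constructed sample data, not taken from a real tenant.
$onPrem = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@ad.contoso.com'
                       ProxyAddresses = @('SMTP:alice@contoso.com', 'smtp:alice@external.com') }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@external.com'
                       ProxyAddresses = @('SMTP:bob@contoso.com') }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'carol@ad.contoso.com'
                       ProxyAddresses = @('SMTP:carol@contoso.com', 'X500:/o=Example/cn=carol') }
)
$cloudUpns = 'alice@external.com', 'bob@external.com', 'carol@external.com'

# Hypothetical helper: return only smtp:/SMTP: proxy addresses, prefix removed.
# Other address types (X500, SIP, ...) are ignored. -match is case-insensitive.
function Get-SmtpAddress {
    param([string[]] $ProxyAddresses)
    foreach ($p in $ProxyAddresses) {
        if ($p -match '^smtp:(.+)$') { $Matches[1].ToLowerInvariant() }
    }
}

# Hypothetical check: which on-premises object, if any, owns this cloud UPN?
function Test-UpnAssociation {
    param(
        [Parameter(Mandatory)] [string]   $CloudUpn,
        [Parameter(Mandatory)] [object[]] $OnPremUsers
    )
    $upn = $CloudUpn.ToLowerInvariant()
    # Case 1: the on-premises UPN equals the O365 UPN.
    $byUpn  = @($OnPremUsers | Where-Object { $_.UserPrincipalName -eq $upn })
    # Case 2: an on-premises SMTP address equals the O365 UPN.
    $bySmtp = @($OnPremUsers | Where-Object { (Get-SmtpAddress $_.ProxyAddresses) -contains $upn })
    # The same address on two different objects cannot be associated safely.
    $owners = @($byUpn + $bySmtp | ForEach-Object { $_.SamAccountName } | Sort-Object -Unique)
    $result = if     ($owners.Count -gt 1) { 'Ambiguous' }
              elseif ($byUpn.Count  -eq 1) { 'UpnMatch' }
              elseif ($bySmtp.Count -eq 1) { 'SmtpMatch' }
              else                         { 'NoMatch' }
    [pscustomobject]@{ CloudUpn = $CloudUpn; Result = $result; OnPremAccount = ($owners -join ',') }
}

$report = foreach ($upn in $cloudUpns) {
    Test-UpnAssociation -CloudUpn $upn -OnPremUsers $onPrem
}
$report | Format-Table -AutoSize
```

Accounts reported as NoMatch or Ambiguous are the ones to fix on-premises before changing the cloud UPN.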

  • Hello Veselin,

    Is the information above useful?
    In addition, do you need other assistance about using Office 365?

    Best regards,
    Claud

  • Yes, it was useful for this first phase of my project.

    When I start to implement federation and DirSync of our O365 with on-premises AD, I will have more questions, I guess :)

    Thank you, this thread can be closed now.
