
What do I need to set up SSO? Would it benefit me?


I have very little experience in IT so bear with me.

1. I already implemented Exchange Online and synchronized every Outlook in the firm with the new mailboxes. I notice that I get asked for the Exchange password frequently even if I mark the remember password checkbox. Would single sign-on get rid of this prompt?

2. I only have 3 servers, two of them running AD, DNS, DHCP and backup and one of them running the applications and databases. I don't have an Exchange, nor do I have any extra servers, is this a problem? Do I need an extra server to run the FS? Can I implement it in the situation I am in right now? I read that Exchange must be implemented in order to achieve full SSO, to control user mail properties and such. I've never had Exchange nor do I plan to purchase licenses for it. Will SSO still work?

 

I'm sorry if these questions are kind of vague, but I'm really kind of lost.

Verified Answer
  • Hello P3dr0M,

    For the first question:
    Once SSO is deployed, users will be authenticated via on-premises AD, instead of Office 365. The user experience will depend on many factors. As a result, it’s hard to say whether deploying SSO will improve the user experience or not.

    For the second question:
    On-premises Exchange isn’t related to SSO. It is related to Hybrid Exchange Deployment. Moreover, if you just need to use SSO without Hybrid Exchange Deployment, on-premises Exchange isn’t essential.
    Moreover, if you deploy SSO, you need at least 2 servers theoretically, one for DC, one for ADFS and DirSync. In addition, if you need to let users use the Office 365 service directly via the Internet without VPN, you need additional servers for ADFS proxy.

    As for the password prompt issue, it may be caused by many reasons.
    Based on the current situation, you may suggest that users test whether the same occurs in another network environment, such as a home network, to narrow down the root cause of the issue.

    Best regards,
    Claud

    1 out of 1 people found this post helpful.

All Replies
  • Well, my main reason for implementing SSO (if I implement it) is just that, that they won't be prompted for a password in Outlook once they log on to the computer here in the local network, since they really don't use anything else. I'm implementing SharePoint Online, so I guess if they could open the SharePoint site and already be logged on automatically by just being an authenticated user on the machine on the local network, that would be a selling point too. But other than that I don't see much reason in doing it if it is just for user management. I don't have many users so I can manage them on both sides without a problem. (Most users here don't connect from other networks, just a selected few. I would need to implement proxy for about 4 users who use ActiveSync. I also understand that those users who connect from the outside would need to authenticate when outside the network.)

  • Hello P3dr0M,

    Thanks for your feedback.
    Do you want that, after the user logs on to the computer and joins the on-premises AD, the user can enter the SharePoint Online team site without typing credentials again via SSO?

    If so, it isn’t available after deploying SSO currently. 
    Based on the current situation and the requirement, if you deploy SSO, the ADFS proxy server is essential. Moreover, based on my experience, the authentication connectivity to Office 365 is stable and may not be the cause of the password prompt issue.

    As a result, please provide the test result from the other network environment to narrow down the root cause of the issue.

    Best regards,
    Claud 

  • Hello P3dr0M,

    How are things going?
    In addition, do you need further assistance on the issue?

    Best regards,
    Claud