Sign up for Office 365
Learn more about Office 365
We have SSO setup and if works perfectly with everything else but when it comes to Sharepoint it is not as seamless and we would like. Every morning when we connect to our sharepoint site we are prompted with a Office 365 Login to sign in. We have to put in our email address and the wait for the link to appear that says "Sign in at <domain>" Once we click it automatically login is and brings up the sharepoint site.
I have been told this is expected behaviour but how come it only happens to our Sharepoint site. If user login into OWA or the Office 365 Portal it never asks for that so why cant that same login method be applied for sharepoint?
After you deployed SSO for your organization, all web apps (Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps) require you to enter your username or click to sign in for each session. You will not be prompted for your password if your computer is joined to the domain. It is a normal behavior.
Office 365 web sessions such as Outlook Web App (OWA) and SharePoint Online sites are maintained by web browser cookies. And the session cookie stored in memory has a Time to Live (TTL) value. Before the session cookies expires, you can access these web apps seamless.
For your convenience, I would like to list the user sign-in experience with both Cloud Identity and Federated Identity as follows for your reference.
Sign-in experience with Office 365
Microsoft Outlook® 2010 on Windows® 7
Sign in each session1
Sign in each session2
Outlook 2007 on Windows 7
Sign in each session3
Outlook 2010 or Outlook 2007 on
Windows Vista® or Windows XP
POP, IMAP, Microsoft Outlook for Mac 2011
Web Experiences: Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps
Sign in each browser session
Sign in each session4
Office 2010 or Office 2007 using SharePoint Online
Sign in each SharePoint Online session5
Sign in each SharePoint Online Session
Outlook for Mac 2011
1 When first prompted, you can save your password for future use. You will not receive another prompt until you change the password.
2 You enter your corporate credentials. You can save your password and will not be prompted again until your password changes.
3 Outlook 2007 will be updated after Office 365 has been made generally available to have the same experience as Outlook 2010 on Windows 7.
4 All apps require you to enter your username or click to sign in. You are not prompted for your password if your computer is joined to the domain.
5 If you click on "Keep me signed in" you will not be prompted again until you sign out.
Office 365 for Enterprise Service Descriptions
If you have SSO setup then I suggest you make the use of smartlinks. We have it setup in our environment and it works great.
Basically it is setting up a sub domain / domain that resolves to the adfs bypassing the office 365 login page.
Did the above replies answer your questions? If the information is helpful, please show this thread as answered so others may benefit from the information. Thank you.
This is interesting. Dont know much about these but after reading throught that link i thought, could we not also just create standard favourites in IE that point to that "sts.contoso.com/.../" link instead of contoso.sharepoint.com?
it is using 302 redirection service rather than a DNS CNAME record, so, you should access your website with actual link, insteand of an alternative url.
The implementation of SSO, IMHO, is terrible. Isn't there a way NOT to have to go back and forth with redirection, links, browser authentication business but instead ONE forms based authentication and that's it? The Google apps methodology in my opinion is superior where passwords are actually synchronized and the entire process doesn't hinge on a single point of failure - that fs box that has to run on-prem...
So in summary I do have a constructive question: is there a better more polished way to do SSO with single forms based authentication page?
To allow users to access online services in Office 365 with your AD corporate credentials, not to maintain separate user names and passwords for your online and on-premises accounts, you should deploy Single sign-on for users in your organization. If you have additional questions, to make sure your problem can be resolved effectively, please post a new question for your problem in the forum.
Thank you for your understanding.