Hi there,
I've been asked to set up a company on Office 365 using the cut-over method with no single sign-on (in one weekend).
They then plan to set up single sign-on (ADFS etc.) later on, perhaps a couple of months later.
I was wondering how practical that is? When I set up ADFS, will it recognise there is an existing account on Office 365 for that user - or will it create a new account?
Cheers,
Al
Hi Al,
That is a perfectly acceptable way to do it. In the first stage, setting up your client on Office 365, you can set up Directory Synchronization, then when you are ready to set up single sign-on, you can pair ADFS to your Active Directory without any problems. If you don't plan on setting up Dirsync in the first phase, all is not lost, since Office 365 can use a soft match feature to pair the AD object to the cloud:
support.microsoft.com/.../2641663
I would recommend thoroughly reading the setup roadmap for single sign-on before getting started, since there are a lot of steps and options and you will want to have a well-established plan in place before you get started. You can find the roadmap here:
onlinehelp.microsoft.com/.../hh125004.aspx
Let me know if that helps,
Dave
This is not an answer to your question, but I just want you to be aware of something about SSO.
Single sign-on looks great and has some advantages, with the additional cost of managing ADFS. If you are doing a cut-over migration, I assume that you have a smaller number of seats and network. I am in the same situation, where I wanted to do ADFS and Directory Sync after the cut-over migration. However, I learned that with single sign-on your cloud-based service depends on on-premises for authentication. If it cannot reach the ADFS server due to some outage, users cannot log on to their mailbox. That's why MS recommends having ADFS with a server farm with all kinds of redundancy. Smaller organizations like to keep costs down with higher availability. Think of the situation where there is an internet outage at a location for an extended period of time and some people want to work from home/remote. Now they cannot log on to their mailbox. What is the point of going to the cloud? Without single sign-on, the only thing is to enter a separate password for Outlook when connecting to Office 365, and once saved that is also not required.
ADFS is highly recommended with Dirsync.
I discussed this with my client and decided not to go for ADFS for a small setup.
RB