Our email system was a hosted Exchange environment, then we migrated it to Office 365. Now we want to federate Office 365 with our internal AD to have SSO (our internal AD is a separate AD from the hosted Exchange environment).
Is it possible? If so, how?
Hi Bing Hu,
Yes, it's possible to deploy SSO in your environment, but the steps are different according to which migration method you have used for the migration.
If you migrated your email to Office 365 with a staged Exchange Migration, you should have already deployed DirSync in your environment. To enable SSO, you just need to set up an ADFS farm and convert your domain to a federation domain. Please refer to the following articles to do this:
Plan for and deploy Active Directory Federation Services 2.0 for use with single sign-on
Single sign-on: Roadmap
If you have used a Cutover Exchange Migration, you need to first deploy DirSync in your environment. To avoid DirSync syncing duplicate users to Office 365, please first edit the primary SMTP address in your local AD to make it match the online user's primary SMTP address. By doing this, DirSync will match the local users with the corresponding online users by the SMTP address. Please refer to How to use SMTP matching to match on-premises user accounts to Office 365 user accounts for Directory Synchronization. After that, you deploy ADFS and SSO in your environment.
Did the above reply answer your questions? Please let us know if you need further assistance.
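
The SMTP-matching step in the reply above can be checked before the first DirSync run. The following is an added example, not part of the original thread or any Microsoft tooling: it classifies on-premises accounts by whether their primary SMTP address lines up with exactly one online user. The record layout, the sample data, the case-insensitive comparison and the "conflict" bucket are assumptions made for illustration.

```python
from collections import defaultdict

def primary_smtp(proxy_addresses):
    """AD marks the primary address with an upper-case 'SMTP:' prefix;
    lower-case 'smtp:' entries are secondary aliases."""
    for entry in proxy_addresses:
        if entry.startswith("SMTP:"):
            # Assumption: addresses are compared case-insensitively.
            return entry[len("SMTP:"):].strip().lower()
    return None

def audit_smtp_match(onprem_users, cloud_users):
    """Classify each on-premises account ahead of directory synchronization."""
    cloud = {u["primary_smtp"].strip().lower(): u["upn"] for u in cloud_users}
    by_addr = defaultdict(list)
    for u in onprem_users:
        by_addr[primary_smtp(u["proxyAddresses"])].append(u["sam"])
    report = {"match": {}, "no_match": [], "conflict": []}
    for addr, sams in by_addr.items():
        if addr is None or addr not in cloud:
            report["no_match"].extend(sams)   # nothing to match on: duplicate-user risk
        elif len(sams) > 1:
            report["conflict"].extend(sams)   # two local accounts claim one online user
        else:
            report["match"][sams[0]] = cloud[addr]
    return report

# Constructed sample exports (hypothetical names and domains).
ONPREM = [
    {"sam": "alice", "proxyAddresses": ["SMTP:Alice@contoso.example", "smtp:a.old@contoso.example"]},
    {"sam": "bob",   "proxyAddresses": ["smtp:bob@contoso.example", "SMTP:bob@corp.local"]},
    {"sam": "carol", "proxyAddresses": []},
    {"sam": "dave",  "proxyAddresses": ["SMTP:dave@contoso.example"]},
    {"sam": "dave2", "proxyAddresses": ["SMTP:dave@contoso.example"]},
]
CLOUD = [
    {"upn": "alice@contoso.example", "primary_smtp": "alice@contoso.example"},
    {"upn": "bob@contoso.example",   "primary_smtp": "bob@contoso.example"},
    {"upn": "dave@contoso.example",  "primary_smtp": "dave@contoso.example"},
]

if __name__ == "__main__":
    for bucket, members in audit_smtp_match(ONPREM, CLOUD).items():
        print(bucket, members)
```

In the sample, bob lands in `no_match` because the matching address is only a secondary alias; the primary entry is what has to be edited before synchronization.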