adding single sign on later

This question is not answered

Hi there,

I've been asked to set up a company on Office 365 using the cut-over method with no single sign-on (in one weekend).

They then plan to set up single sign-on (ADFS etc.) later on, perhaps a couple of months later.

I was wondering how practical that is. When I set up ADFS, will it recognise there is an existing account on Office 365 for that user, or will it create a new account?



All Replies
  • Hi Al,

    That is a perfectly acceptable way to do it. In the first stage, setting up your client on Office 365, you can set up Directory synchronization, then when you are ready to set up single sign-on, you can pair ADFS to your Active Directory without any problems. If you don't plan on setting up Dirsync in the first phase, all is not lost, since Office 365 can use a soft match feature to pair the AD object to the cloud:

    I would recommend thoroughly reading the setup roadmap for Single Sign-on before getting started, since there are a lot of steps and options and you will want to have a well established plan in place before you get started. You can find the roadmap here:

    Let me know if that helps,
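
Added example, not part of the thread or of any reply in it: a sketch of the soft match mentioned in the reply above, run over constructed account exports to predict whether the first directory sync pairs an on-premises user with the existing cloud account or creates a new one. It assumes matching on the primary SMTP address; the field names and sample users are hypothetical.

```python
# Added example: predicts soft-match outcomes before directory sync is enabled.
# Assumption: soft match pairs objects on the primary SMTP address (the
# upper-case "SMTP:" entry in proxyAddresses), compared case-insensitively.
from collections import defaultdict

def primary_smtp(proxy_addresses):
    """Return the lower-cased primary address, or None if there is none."""
    for addr in proxy_addresses:
        if addr.startswith("SMTP:"):      # lower-case "smtp:" marks an alias
            return addr[5:].strip().lower()
    return None

def index_by_smtp(users):
    """Group account names by their primary SMTP address."""
    idx = defaultdict(list)
    for user in users:
        idx[primary_smtp(user["proxyAddresses"])].append(user["name"])
    return idx

def predict_soft_match(onprem, cloud):
    """Classify each on-prem account by what the first sync would do with it."""
    on_idx, cl_idx = index_by_smtp(onprem), index_by_smtp(cloud)
    result = {"match": [], "new_cloud_account": [],
              "ambiguous": [], "no_primary_smtp": []}
    for key, names in on_idx.items():
        if key is None:
            result["no_primary_smtp"] += names    # cannot be soft-matched
        elif len(names) > 1 or len(cl_idx.get(key, [])) > 1:
            result["ambiguous"] += names          # address is not unique
        elif key in cl_idx:
            result["match"] += names              # pairs with existing mailbox
        else:
            result["new_cloud_account"] += names  # would become a duplicate user
    return {k: sorted(v) for k, v in result.items()}

# Constructed sample data (hypothetical users, not from the thread).
ONPREM = [
    {"name": "alice", "proxyAddresses": ["SMTP:Alice@contoso.example"]},
    {"name": "bob", "proxyAddresses": ["smtp:bob@contoso.example",
                                       "SMTP:robert@contoso.example"]},
    {"name": "carol", "proxyAddresses": []},
    {"name": "dave", "proxyAddresses": ["SMTP:dave@contoso.example"]},
    {"name": "dave-admin", "proxyAddresses": ["SMTP:DAVE@contoso.example"]},
]
CLOUD = [
    {"name": "alice", "proxyAddresses": ["SMTP:alice@contoso.example"]},
    {"name": "bob", "proxyAddresses": ["SMTP:bob@contoso.example"]},
    {"name": "dave", "proxyAddresses": ["SMTP:dave@contoso.example"]},
]

if __name__ == "__main__":
    for outcome, names in predict_soft_match(ONPREM, CLOUD).items():
        print(f"{outcome}: {names}")
```

Accounts reported under anything other than `match` are the ones to fix on-premises before the first sync.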


  • Hi Al,

    This is not an answer to your question, but I just want you to be aware of something about SSO.

    Single sign-on looks great and has some advantages, with the additional cost of managing ADFS. If you are doing a cut-over migration, I assume that you have a smaller number of seats and network.
    I am in the same situation, where I wanted to do ADFS and Directory Sync after cut-over migration. However, I learned that with single sign-on your cloud-based service depends on on-premises for authentication. If it cannot reach the ADFS server due to some outage, users cannot log on to their mailbox.
    That's why MS recommends having ADFS in a server farm with all kinds of redundancy.

    Smaller organizations like to keep cost down with higher availability. Think of the situation where there is an internet outage at a location for an extended period of time and some people want to work from home/remote. Now they cannot log on to their mailbox. What is the point of going to the cloud? Without single sign-on, the only thing is to enter a separate password for Outlook when connecting to Office 365, and once saved that is also not required.

    ADFS is highly recommended with Dirsync.

    I discussed this with my client and decided not to go for ADFS for a small setup.