No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

When to deploy single sign-on/DirSync

This question is answered This question is answered

Scenario:  ADFS environment installed and configured.  All users on BPOS for Exchange, OCS and Sharepoint.  DIrSync for BPOS enabled

Question: Can Single Sign-On be enabled before transition date?  Or is this task done during transition weekend?

All Replies
  • Looks like need Office 365 admin rights to do this, which will not be available until transition weekend.   IS this accurate?

  • Hello Statera,

    Thank you for your post.

    After discussing this question with the support engineer in our BPOS support team, I would like to share the following information with you for your reference.

    The Microsoft Online Services Sign In client application has been deprecated for Office 365. However this client should not be removed from end-user computing platforms sooner than two weeks after the transition process has completed. Do not remove it in advance or immediately after transition as this will disrupt post transition clean up actions on the server and identity side. The tool will be removed when there is no further post-transition actions to perform.

    Every user must have the Microsoft Online Sign In client application running at the time of their first attempt to use Office 365 post-transition and they must sign in one time using this client post-transition. If you have any user who does not sign in one time with the sign in client by the time you remove from your environment (e.g. users on vacation), these users will be unable to access Office 365 and your administrator will need to call Microsoft support for remediation steps. Microsoft’s recommendation is to leave the Sign In client application in your workstation build until every user is confirmed as working in Office 365.

    Once transitioned and successfully authenticated for the first time, Office 365 users will subsequently authenticate directly against applications within Office 365, with the same credentials they had prior to the transition of the service (assuming the guidance on password updates in this document has been followed), and post-transition the sign in client will perform no visible function for users and can be ignored (or removed).

    As part of the functionality improvements in the Office 365 platform, your organization has the choice to implement sign on to the service leveraging enterprise credentials, also known as Single Sign On (SSO), via the use of Active Directory Federation Services (ADFS). Because the implementation of ADFS on your premises is an identity management project in its own right, and because this cannot be accomplished prior to the transition to Office 365, detailed guidance for its implementation is outside the scope of this document. For more information about post-transition implementation, see the Single Sign On Roadmap at

    Thank you.

    Jack Sun

  • Hello Statera,

    Did the above reply answer your questions? If the information is helpful, please show this thread as answered so others may benefit from the information. Thank you.

    Jack Sun

  • What if we only use Lync Online?  No Exchange or SharePoint.  Is the BPOS Sign In Application required through the transition?  We would like to make one pass at each desktop.  Also, what is meant by "the tool will automatically disable itself"?  I assume that just means the tool does not run at startup, correct?


  • if you have SSO when using bpos, you should not remove the sign-in tool immediately, although you just use lync online. you have to reset your password one time during the migration with the sign-in tool installed. after move to o365, you can uninstall it. and install desktop setup application of o365.