How does SSO work if multiple AD forest resources are synchronized with Office 365


  • Friday, June 29, 2012 11:45 AM
     
     

    Currently I have got a multi-forest environment and wanted to sync the resources to O365. Need to know if we can have SSO while accessing O365 if we have synchronized AD resources from 2 or more forests.

    If anyone has done this before, please could you help me.

All Replies

  • Tuesday, July 03, 2012 10:43 PM
     
     Proposed

    First, you can only sync from a singular forest (unless you have set something up with the ADFS team at MS to manage the immutable ID). 

    As for ADFS, I have seen nothing indicating that multi-forest SSO is supported, but I don't think I've seen anything that specifically calls out that it is NOT supported, so SSO functioning is completely reliant on the first half of this response.

    Have a great day,

    Dan


    www.insecurityinc.info

  • Thursday, July 05, 2012 9:19 PM
     
     Proposed
    You can only sync one forest to Office 365. However, you can set up the users in other forests with the AD that has the parent domain that will sync to Office 365. But for the ADFS proxy, set that proxy up as recommended by Microsoft, and verify that the setup from the guide is working. Set redirects in the ADFS proxy for the users that will authenticate to ADs in the other forest.