Currently I have got a multi-forest environment and wanted to sync the resources to O365. I need to know if we can have SSO while accessing O365 if we have synchronized AD resources from 2 or more forests.
If anyone has done this before, please could you help me.
First, you can only sync from a singular forest (unless you have set something up with the ADFS team at MS to manage the immutable ID).
As for ADFS, I have seen nothing indicating that multi-forest SSO is supported, but I don't think I've seen anything that specifically calls out that it is NOT supported, so SSO functioning is completely reliant on the first half of this response.
Have a great day,
- Proposed as answer by Daniel Trautman Tuesday, July 03, 2012 10:43 PM
You can only sync one forest to Office 365. However, you can set up the users in other forests with the AD that has the parent domain that will sync to Office 365. But for the ADFS proxy, set that proxy up as recommended by Microsoft, and verify that the setup from the guide is working. Set redirects in the ADFS proxy for the users that will authenticate to ADs in the other forest.
- Proposed as answer by ryan bennett bpos pro Thursday, July 05, 2012 9:19 PM