business to business federation

  • Question

  •      We have an existing ADFS setup for our Office 365 and have just purchased a new company. I need to set up ADFS to their ADFS server so that we can open up free/busy, SharePoint, and some file shares during the transition. Eventually we will merge them into our forest but the VPN tunnels won't be in place for several weeks.

        1. Am I best off with ADFS or a domain trust? (waiting on the VPN)

        2. Do we need a 3rd party certificate for validation?

        3. Do we have to have the same version of ADFS on both sides?

        4. Are there advantages to moving to ADFS 3?

        5. How best to handle name resolution across the connection?

    Thursday, June 9, 2016 4:03 PM

Answers

  • 1. Federation will be able to handle the claim-based application. So the website must be configured to support this (so if your SharePoint is set to Windows Authentication, which is the default, it has to be changed). If you are moving your files and shares to a SharePoint, then potentially you can leverage ADFS, else you will have to use the classic domain trust. And for the Free-Busy, I guess you'll need an actual AD trust (I'm no Exchange expert).

    2. Since you will not be able to use ADFS because of your unsupported scenario, then it doesn't really matter... But for the sake of it, as long as you are proposing a service externally, on machines that you or your partner do not manage, you'll have to use a public CA for your SSL cert. For token signing/decrypting, you can keep self-signed.

    3. Does not matter.

    4. Instead of? ADFS 2? Yes, many :)

    5. Stub zones or conditional forwarder. Up to you.

    Because you will likely use AD trust, please do not hesitate to post in the Directory Services forum. Plenty of good people will guide you through that path.

    Note that because you already have Office 365, maybe you can leverage that path. Put the resources you need to share in Office 365 on both sides. See the Office 365 forums for guidance if you'd like to pursue this path.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, June 13, 2016 1:29 PM

All replies

  • Need additional info?

    Friday, June 17, 2016 1:48 PM