ADFS Talk

  • Question

  • Hi,

    I have some general questions about ADFS.

    e.g.

    Q : Do you need to install an OnPrem ADFS Server in order to use SSO in O365?

    e.g. I used AADSync to synchronise my OnPrem users to my O365 tenant and it works. I can create an OnPrem user in AD, sync them to O365, and have them log in via the online portal using the same OnPrem credentials.

    Q: What would be a reason for me wanting to install ADFS in my corporate network?

    e.g. Would it be beneficial for issuing security tokens for claims-aware apps? Like when someone attempts to access an application that I have exposed online (IFD). So if external and internal users don't have a valid security token they are directed to the ADFS server to enter their user credentials.

    Thursday, October 8, 2015 11:20 PM


All replies

  • Think of password [hash] sync as "same sign on".

    Think of ADFS as "single sign on"

    With ADFS, and everything else set up right, users can go to whatever.yourdomain.com and be dropped right into their Office 365 mailbox (or SharePoint, etc.) without even being asked for credentials, not just accepting the same ones the user already knows.

    For your 2nd question, yes, ADFS can provide authentication for other service providers as well, not just Office 365.




    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    • Proposed as answer by Mike Crowley Monday, October 12, 2015 3:57 PM
    • Marked as answer by Alex Lv Monday, October 26, 2015 2:19 AM
    Friday, October 9, 2015 3:57 AM
  • Ok.

    So DirSync or AADSync just syncs your OnPrem password to O365.

    It keeps the two in sync, and your users will still need to enter their OnPrem (AD login) details when prompted to access the O365 portal.

    While SSO, when set up right, will go straight into the O365 portal, or any other app that is set up to use ADFS.

    All they do is log in to their PC with their AD credentials, open up a web browser, go to the O365 portal and don't get prompted for authentication.

    Thanks

    Friday, October 9, 2015 8:46 AM
  • Correct, though there are obviously more steps to consider, so you should read this:

    http://blogs.technet.com/b/canitpro/archive/2015/09/11/step-by-step-setting-up-ad-fs-and-enabling-single-sign-on-to-office-365.aspx




    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    • Proposed as answer by Alex Lv Friday, October 16, 2015 1:22 AM
    • Marked as answer by Alex Lv Monday, October 26, 2015 2:19 AM
    Friday, October 9, 2015 5:02 PM