Microsoft identity manager 2016 single sign on (SSO)

  • Question

  • Is there any feature available in MIM 2016 to implement single sign on (SSO)? We have 2 Active Directory forests with Exchange implemented in each forest. There are some users having mailboxes in both environments. These users access mail box from send forest using OWA. When accessing these mailboxes from second forest there should be any password prompt. it to login to the mailbox silently... Can we achieve this with MIM 2016?
    Sunday, February 7, 2016 8:29 AM

All replies

  • Hello Rajkl,

    MIM is not (and is not intended to be) an SSO solution. More suitable is AD FS, for example.

    But let us know your case better. So the scenario is:

    User DomainA\User1 is accessing OWA in DomainA and is not prompted for any password. Then DomainA\User1 is accessing OWA.DomainB and it asks him for a password (and he provides DomainB\User1 credentials) - and you want access to OWA.DomainB without password prompt?

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by Jeff Ingalls (MVP) Thursday, February 11, 2016 9:41 PM
    Monday, February 8, 2016 9:44 AM
  • Thanks for your inputs. Yes, the same scenario. Kindly reconfirm whether there is any way to achieve this, because Microsoft folks say MIM can do this. Both OWA URLs can be published in the MIM portal and users can click on these URLs and it will take them to the respective mailboxes without prompting for a password.
    Tuesday, February 9, 2016 6:14 AM
  • Hi Rajkl,

    Like Dominik already mentioned, MIM is an Identity Management solution, not a Single-Sign-On solution. This means you cannot use MIM to configure SSO. Instead you will have to use AD FS to achieve SSO in your environment.

    After you configured SSO for the OWA pages you can reference them in the MIM portal, but that really doesn't leverage any MIM specific functions.

    Wouter Landuyt | IS4U FIM/MIM Expert Blog:

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer. Thank you!

    Thursday, February 11, 2016 3:02 PM
  • If an official Microsoft person is telling you MIM can solve a problem, ask them to be very specific about what problem it will solve. It sounds like there may be confusion around what is needed - they may think you are asking for directory synchronization between the forests when in fact you're looking for SSO which is solved via ADFS as previously mentioned.


    Jeff Ingalls

    Thursday, February 11, 2016 9:44 PM