How SSO work if Multiple AD Forest resources are synchronized with Office 365


  • Currently I have got a multi forest environment and wanted to sync the resources to O365. Need to know if we can have SSO while accessing O365 if we have syncronized AD resources from 2 or more forests.

    If anyone have done this before please could you help me.

    Friday, June 29, 2012 11:45 AM

All replies

  • First, you can only sync from a singular forest (unless you have set something up with the ADFS team at MS to manage the immutable ID). 

    As for ADFS, I have seen nothing indicating that multi-forest SSO is supported, but I don't think I've seen anything that specifically calls out that it is NOT supported, so SSO functioning is completely reliant on the first half of this response.

    Have a great day,


    Tuesday, July 03, 2012 10:43 PM
  • You can only sync one forest to Office 365. However, you can setup the users in other forests with the AD that has the parent domain that will sync to Office 365. But for the ADFS proxy, set that proxy has recommend by Microsoft, and how verify that the setup from the giude working. Set redirects in the ADFS proxy for the users that will authenicate to AD's in the other forest.
    Thursday, July 05, 2012 9:19 PM