Customer would like to have single sign on (using ADFS) for O365, from the first day the users are transitioned to O365. I.e. allocate a weekend for the transition. All users will use their corporation AD password to log on to O365 on the following Monday. Is that possible?
This is, currently, not available. In the next quarter, we will be having new options that MAY include this, but I would recommend (if you have this many users licensed for BPOS) contacting your Service Transition Manager to coordinate this request with your transition.
Hi Ligion, the issue comes from the following, which will hopefully help show how the overall Transition works:
BPOS is synchronizing your BPOS objects, users, contacts, groups and custom domains into O365 as a pre-transition step. Once your BPOS tenant has been Transitioned, this service synchronization is removed and your O365 tenant's DirSync service is disabled. This disablement can take between ~24-48 hours depending on how many objects you have. Once this is complete, you as an online Admin can go into the Online Portal and enable DirSync and start working against custom domains.
So I would say that once you are able to enable DirSync, say ~24 hours after you receive your "Transition complete" email from the Transition Service, you can do the following:
1. Download ADFS V2 and install the server(s) - You can do this ahead of time to get ready for the configuration of services.
2. Download the Microsoft Online PowerShell for Windows - Provides the ability to convert your transitioned BPOS custom domain from Managed to Federated. You will want to do this first, as converting the domain to Federated will also convert all the users associated with the custom domain.
3. Install, configure and run DirSync so that all your online users become re-associated and managed via your on-premises AD.
So while you cannot get all this set up Sunday afternoon/Monday morning, you can set up ADFS ahead of time and get that and the DirSync machines all set up and ready. Once you are able to enable DirSync for your O365 tenant, you can start moving forward with converting the custom domain from Managed to Federated, which will start you down the path of getting ADFS and SSO for all of your users.
Net-Net: Users will be logging in with a separate username/password for most likely Monday/Tuesday after Transition. If you get everything set up, the domain converted and ADFS and end-user machines properly configured, they will log in to services Wednesday morning and not be prompted for credentials and most likely never notice that they have changed from a Managed Online Identity to a Federated Identity.
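The Managed-to-Federated conversion from step 2 of the reply above, as an added example that is not part of the original thread or Microsoft's own script. It uses the MSOnline module cmdlets; the domain name and AD FS server name are placeholders, and it assumes the AD FS 2.0 server is already installed and reachable.

```powershell
# Added example: pre-check, convert, and verify a custom domain's federation state.
# 'contoso.com' and 'adfs01.corp.contoso.com' are placeholders, not values from the thread.
Import-Module MSOnline

$DomainName = 'contoso.com'              # placeholder: transitioned custom domain
$AdfsServer = 'adfs01.corp.contoso.com'  # placeholder: primary AD FS 2.0 server

# Sign in with an online administrator account.
Connect-MsolService -Credential (Get-Credential)

# Report the tenant's DirSync state for reference (it is disabled during Transition).
$company = Get-MsolCompanyInformation
Write-Output "DirSync enabled on tenant: $($company.DirectorySynchronizationEnabled)"

# Confirm the domain is verified and still Managed before changing anything.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Status -ne 'Verified') {
    throw "Domain $DomainName is not verified; cannot federate it."
}
if ($domain.Authentication -eq 'Federated') {
    Write-Output "Domain $DomainName is already Federated; nothing to convert."
    return
}

# Point the module at the AD FS server, then convert the domain.
# Converting the domain also converts every user associated with it.
Set-MsolADFSContext -Computer $AdfsServer
Convert-MsolDomainToFederated -DomainName $DomainName

# Verify the result instead of assuming success.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne 'Federated') {
    throw "Conversion did not complete: $DomainName is still $($domain.Authentication)."
}

# Show the federation settings held by AD FS and by the online service side by side;
# the endpoints and token-signing certificate should match between the two sources.
Get-MsolFederationProperty -DomainName $DomainName | Format-List
```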