ADFS to Be Enabled Right After BPOS to O365 Transition?


  • Hi,

    • Our customer is currently on BPOS-S
    • They have thousands of users
    • The're using BPOS sign in app
    • They'll move to O365 2 months later

    Customer would like to have single sign on (using ADFS) for O365, from the first day the users are transitioned to O365. I.e. allocate a weekend for the transition. All users will use their corporation AD password to log on to O365 on the following Monday. Is that possible?

    Thanks in advance!

    mercredi 29 février 2012 01:35

Toutes les réponses

  • This is, currently, not available.  In the next quarter, we will be having new options that MAY include this, but I would recommend (if you have this many users licensed for BPOS) contacting your Service Transition Manager to coordinate this request with your transition.


    lundi 12 mars 2012 22:55
  • Hi Ligion, the issue comes from the following, which will hopefully help show how the overall Transition works:

    BPOS is synchronizing your BPOS objects, users, contacts, groups and custom domains into O365 as a pre-transition step.  once your BPOS tenant has been Transitioned, this service synchronization is removed and your O365 tenant's DirSync service is disabled.  This disablement can take between ~24-48 hours depending on how many objects you have.  Once this is complete, you as an online Admin can go into the Online Portal and enable DirSync and start working against custom domains.

    So I would say that once you are able to enable DirSync, say ~24 hours after you receive your "Transition complete" email from the Transition Service, you can do the following:

    1.  Download ADFS V2 and install the server(s) - You can do this ahead of time to get ready for the configuration of services.

    2.  Download the Microsoft Online PowerShell for Windows  - Provides the ability to convert your transitioned BPOS custom domain from Managed to Federated.  You will want to do this first, as converting the domain to Federated will also convert all the users associated with the custom domain.

    3.  Install, configure and run DirSync so that all your online users become re-associated and managed via your on-premises AD.

    So while you cannot get all this setup Sunday afternoon/Monday morning, you can setup ADFS ahead of time and get that and the DirSync machines all setup and ready.  Once you are able to enable DirSync for your O365 tenant, you can start moving forward with converting the custom domain from Managed to Federated which will start you down the path of getting ADFS and SSO for all of your users.

    Net-Net:  Users will be logging in with a separate username/password for most likely Monday/Tuesday after Transition.  if you get everything setup, the domain converted and ADFS and end-user machines properly configured, they will login to services Wednesday morning and not be prompted for credentials and most likely never notice that they have changed from a Managed Online Identity to a Federated Identity. 


    Transitions Community Lead ...Ryan J. Phillips

    lundi 19 mars 2012 21:52