Azure connect - ADFS with my SSO

Anonymous
2020-02-25T20:25:26+00:00

Hello everyone,

I'm a Belgian student and I'm currently an intern at a small company.

My project is to create an SSO (Gluu) server and integrate Office 365 with it, so the purpose is that all users connect once and have access to all the services/websites configured in the SSO.

I would like to connect my SSO to Office 365, and I would like my SSO to do the authentication of all users on both the external and internal networks. I have seen that it could be possible using an ADFS proxy, but I have asked my sysadmin and it's not possible. So I'm looking for another solution.

Here is a schema of my infrastructure.

Thank you very much.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

Answer accepted by question author
  1. Anonymous
    2020-02-26T07:18:34+00:00

    Hello Julien,

    Thanks for your reply with patience.

    If you prefer Pass-through Authentication (PTA) to sync your AD users to Office 365 Azure AD, this is OK. However, you would not be able to continue using ADFS to integrate your own SSO service for user authentication. For more details about Pass-through Authentication with AAD Connect, please refer to User sign-in with Azure Active Directory Pass-through Authentication.

    Moreover, if you still want to use ADFS for user authentication, you cannot enable Pass-through Authentication, and for external user authentication you need to deploy an ADFS proxy, just as we talked about before, thanks. And if you don't use ADFS in the future, and only want to sync your AD users to Office 365 Azure AD with an SSO experience, you could try to enable the Seamless SSO feature with AAD Connect (not your own SSO), and in this way your Office 365 users would get an SSO experience from the domain-joined devices. For your reference: Azure Active Directory Seamless Single Sign-On.

    Please feel free to let me know if you have any other concerns, thanks.

    Regards,

    Oliver

    1 person found this answer helpful.

3 additional answers

  1. Anonymous
    2020-02-26T03:31:53+00:00

    Hello Julien,

    I am glad to help with your concern here.

    Based on the infrastructure picture you provided above, first, as far as I know, if your own SSO provider service can be integrated with ADFS to authenticate Office 365 user sign-ins, your schema is OK for Office 365 intranet (internal network) authentication with ADFS. However, if you want your Office 365 users to be authenticated from an external network with ADFS, as far as I know you must deploy an ADFS proxy server for that, just as you said above. However, since you cannot deploy an ADFS proxy server, the external authentication requests cannot be delivered to your intranet (ADFS), so you cannot have your external network users authenticated with your ADFS.

    Your understanding will be highly appreciated.

    Best Regards,

    Oliver

  2. Anonymous
    2020-02-26T06:10:06+00:00

    Thank you for your answer.

    Yes, I understand, but is it possible to use pass-through authentication, but using my SSO to check authentication instead of the AD?

    Thank you.

  3. Anonymous
    2020-02-28T10:09:04+00:00

    Hello Julien,

    If you have any other concerns, please feel free to share with me, thanks.

    Best Regards,

    Oliver
