Another (Cloud) Tip…Federated vs. Managed Users

By Evan Basalik

Office 365 authentication has the concept of two types of users – federated and managed.

Federated users are ones for whose authentication Office 365 communicates with an on-premises federation provider (ADFS, Ping, etc) that then talks to an on-premises authentication directory (i.e., Active Directory or other directories) to validate a user’s credentials. This authentication redirect is relatively transparent to the user other than the fact that they might see their organizations federation sign-on page.

Managed users are cloud-only user and they only exist inside Windows Azure Active Directory. In this scenario, user log in via the Office 365 portal and provide credentials that are different than their on-premises credentials. In this scenario, some customer use Directory Synchronization (DirSync) to keep their on-premises users’ properties in sync with their on-premises directory, but don’t federate them.

Although there is less complexity with managed users, it does bring with it the need to remember another set of credentials except for the subset of customers who have adopted Password Synchronization. Those users leverage Password Synchronization to make sure the cloud and on-premises credentials are the same.