Forum Discussion
Suppression of SSO from the architecture
My client wants to remove SSO from its architecture, as well as ADFS. Without subscribing to the Azure AD Connect solution. If possible, he would like the maximum configuration to be possible from the Office 365 administration center. To do this, he would first like to make an impact study of the removal of SSO and ADFS. Can you assess the impact on current operations? What would be the risks of incidents? Alternatives in Office 365 configurations? What details of information should we collect and check before any change ?
- Mark LewisBrass Contributor
gwendal55You can use Azure AD only, without using AD. It's entirely possible. But without AAD Connect (or AAD Cloud Provisioning), you would have to manually manage users in two separate directories. Users would potentially end up with two passwords to use.
Is the goal to go cloud only for authentication or will you still required Active Directory?
- gwendal55Copper Contributor
The architecture is with one-way synchronization. Any creation or modification must be done in the AD and it is synchronized afterwards in Office 365. Management is done from the AD. The customer wants to install a secure gateway to authenticate users with an HR number before they access Office 365. Suddenly all other solutions are excluded (Azure AD Connect, SSO, ADFS). Users will not have two passwords, but authentication with a password and an HR number. Regards, Gwendal IDOT.
- Vikram VBrass Contributorgwendal55 - you can get rid of ADFS and still keep SSO and authenticate on premise with Azure AD Connect. Search for Passthru Authentication.
I am not clear on your point about Secure Gateway and authenticate via HR system. HR system can act as identity source, but you don't have to rip apart your whole Azure AD Connect infra for it. Depending on which HR system, you might be able to fit it right in. (Look for Azure AD identity inbound provisioning).
Hope this helps.
Vik