Forum Discussion

Deleted

Sep 19, 2017

AD FS failover login to Office 365

Newbee here, We have an O365 environment where we log in to O365 via AD FS. We have had many unplanned outage (not controlled by IT and many more scheduled) which has taken down power to our data c...

MVP

Sep 20, 2017

Hi Nathan,

You should have a high availability solution for AD FS with load balances AD FS and AD FS proxy servers. You can switch from single sign-on to password sync manually during an outage to give your users access to Office 365 applications. Or you can enable password sync as a backup option if single sign-on won't work.

You can find more information here: https://social.technet.microsoft.com/wiki/contents/articles/17857.dirsync-how-to-switch-from-single-sign-on-to-password-sync.aspx

https://www.edx.org/course/manage-office-365-identities-microsoft-cld243x

- Dominik

VasilMichev
MVP
Sep 20, 2017
Better yet, as your organization doesnt seem to have the operational maturity to use AD FS, consider switching to Pass-trhough auth (https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication). It offers almost all benefits of AD FS, with greatly reduced on-premises footprint.
- Shane Jackson
  Copper Contributor
  Sep 20, 2017
  I agree. Pass Through Authentication worth considering too. Just be sure to check the supported / unsupported scenarios, especially if using legacy Office client applications (Office 2013 or earlier)
  
  https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication-current-limitations