Forum Discussion

Stephen Bell's avatar
Stephen Bell
Iron Contributor
Dec 06, 2017
Solved

ADFS and SSO for Exchange Online

I hope this is the right spot for this post...   We have Office 365 E3 in our environment, setup using ADFS.  All of our email is in Exchange Online.   Because of this - when a user opens up ...
Authentication
exchange
office 365
  • geoperkins's avatar
    geoperkins
    Mar 15, 2019

    Our organization was able to solve this problem and I documented the solution over on https://social.technet.microsoft.com/Forums/en-US/79c2050b-9977-4524-83a5-eb47d86e2f96/bypass-adfs-sso-url-side-door-into-portalofficecom?forum=ADFS ("https://social.technet.microsoft.com/Forums/en-US/79c2050b-9977-4524-83a5-eb47d86e2f96/bypass-adfs-...) Stephen Bell 

VasilMichev's avatar
VasilMichev
MVP
Dec 06, 2017

They are effectively logging in with the current windows credentials, as per the "magic" bit. Either disable the WIA auto-login in the browser options on those devices or remove the AD FS URL from the Intranet zone.

Stephen Bell's avatar
Stephen Bell
Iron Contributor
Dec 27, 2017

I think I have this done -- 

 

I removed our ADFS URL from the intranet zone, removed the internal DNS record that points to the inside of the ADFS environment.  I now ping from this client and get an external IP address.

 

The WIA (or IWA? - I've seen it both ways??) - I went into IE on one of the clients, Security Tab --> Custom Level --> Login --> Prompt for user name and password.  

 

Rebooted the PC 2 times and I am still getting auto login for my OWA url?  What am I missing?

 

Thanks

Steve

Resources