osamamansoor
Sep 03, 2021

ADFS Behavior

Hi Experts,

I want to know/confirm some working behavior.

If I set up Microsoft ADFS in my environment with all its parameters, will my users inside the organization not be prompted for a password? For example:

 

If I am inside my company and authenticated with my local Active Directory / domain controller on my laptop and try to open http://outlook.office365.com, I just need to enter my user account osama.mansoor@xcyz.com and then it will land me directly on the Office365 portal page. Please correct me.

 

If I have enabled MFA, then in that case the MFA prompt will appear.

 

However, if I open http://outlook.office365.com outside my organization, then the ADFS page will appear and I need to enter my user name and password, or if I have enabled MFA, it will ask for MFA.

 

  • aliat_IMANAMI

    osamamansoor 

     

    Yes, for the intranet it can be done by enabling Windows Integrated Authentication in ADFS and in the browser, i.e. Internet Explorer, to avoid being prompted for credentials. Windows Integrated Authentication can also be set for Mozilla Firefox and Chrome via ADFS PowerShell cmdlets.
    The ADFS URL should be added to IE > Security > Intranet zones > Sites. This is done because IE > Security > Local Intranet > Security Settings > User Authentication – Logon is configured to use the logged-in credentials for intranet sites.
    Ensure that IE > Advanced > 'Enable Integrated Windows Authentication' is checked.
     
    When accessing applications from outside the organization, Form-Based Authentication is used, because Windows Integrated Authentication can't be used. Mostly, for authentication to apps both inside and outside the organization, ADFS can be set for both Windows Integrated Authentication and Form-Based Authentication, and users can be presented with both options inside the intranet.
    • osamamansoor
      aliat_IMANAMI.

      Thanks for the response.

      Just to clarify again: after adopting ADFS, will Microsoft Teams / OneDrive no longer prompt for a password update after changing the Active Directory password (which is synced with Office 365 through AD Sync)?
      • aliat_IMANAMI
        Teams online and OneDrive online will not ask you for a password change, as they are being synced, but the Teams client and OneDrive client will ask you for credentials again as they are clients. For OneDrive you may have to go to Credential Manager and remove the old credentials and then sync again for the updated changes.
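
The intranet/extranet split described in the first reply, written out as an added example that is not part of the original thread: it checks which browsers AD FS will attempt Windows Integrated Authentication with, adds a missing entry, and sets WIA plus forms for the intranet and forms only for the extranet. The user-agent substring in `$wanted` is an assumed value for Chrome and Firefox on Windows; adjust it to the browsers in use.

```powershell
# Added example. Run elevated on the primary AD FS server
# (Windows Server 2012 R2 or later, where the ADFS module is available).
Import-Module ADFS

# Substrings matched against the browser's User-Agent header.
# Assumed value: desktop Chrome and Firefox on Windows both send a
# User-Agent that begins with this string.
$wanted = @('Mozilla/5.0 (Windows NT')

# Read the current list so existing entries (IE, Windows clients) are kept.
$current = @((Get-AdfsProperties).WIASupportedUserAgents)
$missing = @($wanted | Where-Object { $current -notcontains $_ })

if ($missing.Count -gt 0) {
    # The parameter replaces the whole list, so pass old + new together.
    Set-AdfsProperties -WIASupportedUserAgents ($current + $missing)
    "Added WIA user agents: $($missing -join ', ')"
} else {
    'WIA user agent list already contains the wanted entries.'
}

# Intranet: Windows Integrated Authentication with forms as an alternative.
# Extranet: forms only, since Kerberos/NTLM is not available from outside.
# Fallback: browsers not on the list above get the forms page instead of
# a raw credential pop-up.
Set-AdfsGlobalAuthenticationPolicy `
    -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication', 'FormsAuthentication') `
    -PrimaryExtranetAuthenticationProvider @('FormsAuthentication') `
    -WindowsIntegratedFallbackEnabled $true

# Show the resulting policy for review.
Get-AdfsGlobalAuthenticationPolicy |
    Format-List PrimaryIntranetAuthenticationProvider,
                PrimaryExtranetAuthenticationProvider,
                WindowsIntegratedFallbackEnabled
```

Keep the user-agent entries as narrow as the deployed browsers allow, so that devices that cannot complete WIA fall back to the forms page.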
