Forum Discussion
ADFS Behavior
Hi Experts,
I want to know/confirm some working behavior.
If I set up Microsoft ADFS in my environment with all its parameters, will my users inside the organization not be prompted for a password? For example:
If I am inside my company and authenticated with my local Active Directory / domain controller on my laptop and try to open http://outlook.office365.com, I just need to enter my user account osama.mansoor@xcyz.com and then it will land me directly on the Office365 portal page. Please correct me.
If I have enabled MFA, then in that case I will be prompted for MFA.
However, if I open http://outlook.office365.com outside my organization, then the ADFS page will appear and I need to enter user name and password, or if I have enabled MFA it will ask for MFA.
- Yes, with some nuances. Read here for detailed info: https://docs.microsoft.com/en-us/archive/blogs/abizerh/more-information-about-sso-experience-when-authenticating-via-adfs
- aliat_IMANAMI (Brass Contributor)
Yes, for intranet it can be done by using Windows Integrated Authentication enabled in ADFS and in the browser, i.e. Internet Explorer, to avoid being prompted for credentials. Windows Integrated Authentication can be set for Mozilla Firefox and Chrome also via ADFS PowerShell cmdlets.
The ADFS URL should be added to IE > Security > Intranet zones > Sites. This is done because IE > Security > Local Intranet > Security Settings > User Authentication – Logon is configured to use the logged-in credentials for intranet sites.
Ensure that IE > Advanced > 'Enable Integrated Windows Authentication' is checked.
When accessing applications from outside the organization, Form-Based Authentication is being used, because Windows Integrated Authentication can't be used. Mostly, for the authentication for the apps both inside and outside the organization, ADFS can be set for both Windows Integrated Authentication and Form-Based Authentication, and users can be presented with both options inside the intranet.
- osamamansoor (Brass Contributor)
aliat_IMANAMI.
Thanks for the response.
Just to be clear again: after adopting ADFS, will Microsoft Teams / OneDrive no longer prompt for a password update after changing the Active Directory password (which is synced with Office 365 through AD Sync)?
- aliat_IMANAMI (Brass Contributor)
Teams online and OneDrive online will not ask you for a password change, as they are being synced, but the Teams client and OneDrive client will ask you for credentials again as they are clients. For OneDrive you may have to go to Credential Manager and remove the old credentials, and then sync again for the updated changes.
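
The AD FS side of the setup described in the first detailed reply above (Windows Integrated Authentication on the intranet, forms-based sign-in outside, and the PowerShell cmdlets for Firefox and Chrome), shown as an added example that is not part of the thread. The user-agent token is a sample value to adapt, not a value from this discussion.

```powershell
# Run in an elevated PowerShell session on the primary AD FS server.
Import-Module ADFS

# 1. Review which primary authentication methods are offered inside and
#    outside the network, and whether MFA providers are configured.
$policy = Get-AdfsGlobalAuthenticationPolicy
$policy | Format-List PrimaryIntranetAuthenticationProvider,
                      PrimaryExtranetAuthenticationProvider,
                      AdditionalAuthenticationProvider,
                      WindowsIntegratedFallbackEnabled

# 2. List the browser user-agent tokens that AD FS will offer
#    Windows Integrated Authentication (WIA) to.
$current = @((Get-AdfsProperties).WIASupportedUserAgents)
$current | Sort-Object

# 3. Add one token for the browsers you want silent sign-on for,
#    only if it is not already present (keeps the list free of duplicates).
#    ASSUMPTION: sample token; choose the narrowest string that matches
#    the managed browsers in your environment.
$token = 'Mozilla/5.0 (Windows NT'
if ($current -notcontains $token) {
    Set-AdfsProperties -WIASupportedUserAgents ($current + $token)
}

# 4. Intranet: WIA first, forms as the alternative.
#    Extranet: forms only, since WIA cannot be used from outside.
Set-AdfsGlobalAuthenticationPolicy `
    -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication', 'FormsAuthentication') `
    -PrimaryExtranetAuthenticationProvider @('FormsAuthentication')

# 5. Confirm the result.
(Get-AdfsProperties).WIASupportedUserAgents
Get-AdfsGlobalAuthenticationPolicy |
    Format-List PrimaryIntranetAuthenticationProvider,
                PrimaryExtranetAuthenticationProvider
```

A very broad token such as a bare `Mozilla/5.0` also matches browsers and devices that cannot complete WIA, which then see a credential pop-up instead of the forms page, so keep the list as narrow as the managed browser fleet allows.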