Single Sign On

Question

Is your organization headed towards single-sign on? Check out this new documentation on Azure Active Directory Seamless Single Sign-On.
&nbsp;
Here are a few highlights:

Easy to deploy &amp; administer - No additional components needed on-premises to make this work
Seamless SSO can be combined with either the&nbsp;Password Hash Synchronization&nbsp;or&nbsp;Pass-through Authentication&nbsp;sign-in methods.
Seamless SSO can be enabled via Azure AD Connect

Seamless SSO is an opportunistic feature. If it fails for any reason, the user sign-in experience goes back to its regular behavior – (i.e., the user needs to enter their password on the sign-in page)

andrew read · Answer

Hi Christopher,&nbsp;Have you considered removing the requirement to reset passwords for users that have MFA enabled?&nbsp;NIST have release guidance regarding not enforcing password resets; only initiating if an event requires this (password forgotten, password phished.....).&nbsp;Andrew

deleted · Answer

been thinking about that honestly. I use MFA and all my 365 admins do and the app approval works great, especially with Apple watch =). But things like requiring apppasswords to sync contacts with your iphone etc. are kind of a deal breaker. Hoping they somehow make the Outlook app sync the contacts to the phone, until then MFA is kind of problematic.

pklapwijk · Answer

The Outlook app pushes the contacts to your devices contact list since latest updates: https://blogs.office.com/en-us/2017/06/05/improving-people-in-outlook-for-ios-and-android/

deleted · Answer

Yeah, serious, I've tried it, it sucks. All it does is imports your contacts. To update your contacts you have to turn it off (delete all your contacts) and then turn it back on. It's no way shape or form a real sync. Not to mention compared to activesync built into the phone you do not get your photos etc. either on your contacts. It's very lacking currently.&nbsp;

deleted · Answer

This tech has been amazing since deploying it. If the apps would better use it for auto login we would be set. Like during password changes outlook still seems to have some odd side effects. But overall not having to login every time people visit office 365 apps is nice and works flawlessly so far.

Forum Discussion

Single Sign On

7 Replies