Forum Discussion

gperkins's avatar
gperkins
Copper Contributor
Feb 26, 2019

Vasil,

You state "you can disable WIA/autologin by removing the AD FS URL from the local zone" I assume you mean using settings in the IE11 browser, and the local Intranet zone?  These are set by group policy and blocked. So going back to Gurdev's question, that implies a non-domain workgroup computer which has no group policy. Is there no other method?

 

For example, our situation, we have many ADFS federated partner websites besides Office365. We want the locally loggedin non-privileged user to continue to have single signon to all those sites, including Office365. But also have the ability, as in Gurdev's question, to occasionally specify alternative credentials. One of the ADFS partner's allows, this, namely ServiceNow. They offer an alternate URL called side_door. That URL allows the user to specify a different user and password. Does Office 365 have a "side door" alternative URL?

geoperkins's avatar
geoperkins
Brass Contributor
Mar 15, 2019

Our organization was able to solve this problem and I documented the solution over on https://social.technet.microsoft.com/Forums/en-US/79c2050b-9977-4524-83a5-eb47d86e2f96/bypass-adfs-sso-url-side-door-into-portalofficecom?forum=ADFS (https://social.technet.microsoft.com/Forums/en-US/79c2050b-9977-4524-83a5-eb47d86e2f96/bypass-adfs-sso-url-side-door-into-portalofficecom?forum=ADFS)  gperkins 

Resources