Forum Discussion
Azure AD Connect and On-Prem ADFS federated with multiple partner organization
Scenario: We have an on-prem ADFS which is configured to federate with couple of partner organizations. The federated authentication with both our partners works well in On-Prem. Now we want to use ...
I'd assume they wouldn't want them using a Microsoft account for account management purposes. You can signup for a Microsoft account with any email address. If they do it with their work email address, two things would happen that would be issues with a lot of organizations. 1. It would be a separate account with a separate password. 2. If they left the partner company, they would still be able to login with the Microsoft account after the company partner account is deactivated or password changed.
The partner would need their own Azure AD with on-prem accounts synced or their own ADFS and you would federate your Azure AD with that.
The partner would need their own Azure AD with on-prem accounts synced or their own ADFS and you would federate your Azure AD with that.
Good point, it would be better from the management point-of-view to have all users in Azure AD in partner's own tenant.
However, there is no need to federate anything, Office 365 takes care of authentication. Besides, if the partner is already using Office 365, their domain is registered to their tenant it cannot be federated to other tenants.
However, there is no need to federate anything, Office 365 takes care of authentication. Besides, if the partner is already using Office 365, their domain is registered to their tenant it cannot be federated to other tenants.