SSO in Office 365 ProPlus with SCA (Shared Computer Activation)

Question

Hello,&nbsp;I find very little information on SSO into Office 365 ProPlus when it is deployed using SCA.&nbsp;Should it be possible for a user to log into Windows (domain joined, AADSync, no roaming profiles)and be logged in automatically into Office ProPlusor&nbsp;will he always have to enter his credentials as well in Office ProPlus (deployed using SCCM with Shared Computer Activation)?&nbsp;Bart

bill hughes · Answer

With Shared Computer Activation the user is always prompted for their username on first launch.

With Federated Authentication (SSO) it is possible to remove the requirement for them to enter their password and only require them to enter their username at which point the authentication dialog will redirect them to your federated sign on page which would automatically sign them in. If however a individual users first use on a machine occurs outside the network this would not happen as most federated authentication deployments present forms based authentication to all external off network devices. (Remote Desktop is generally still inside the network from a federated authentication perspective)

The SCA first time user experience is documented here: https://technet.microsoft.com/en-us/library/dn782860.aspx#How shared computer activation works for Office 365 ProPlus

sonia cuff · Answer

In addition to Bill's comments, that log in and activation should only appear on first use.

The licensing token system means every time after that, the background process will contact the licensing server and attempt to renew the token in the backgorund, without the need for additional username and password entering by the user.

-Sonia

bart_vermeersch · Answer

Thank you the feedback!&nbsp;That would be very unfortunate because the reason of using SCA is that users are always using another PC to work on. So If I understand it correctly, they will always have to go through the Office authentication flow?&nbsp;In the documentation I found and also on the video about Office deployment, the message is given that the user is authenticated automatically in the background without dialog:&nbsp;If your environment is configured to synchronize Office 365 and network user accounts, then the user probably won't see any prompts. Office 365 ProPlus should automatically be able to get the necessary information about the user's account in Office 365.&nbsp;From https://technet.microsoft.com/en-us/library/dn782860.aspx&nbsp;The same message is said in the MVA video: https://mva.microsoft.com/en-US/training-courses/solving-office-365-client-deployment-scenarios-9086?l=suttZBf4_2304984382at 00:34:00 but they don't succeed in demoing it... "With ADFS it will be seamless, you won't be prompted for a login"&nbsp;

madhu perera · Answer

Hi Sonia,&nbsp;We have deployed Office 365 ProPlus on Remote Desktop Servers for few of our clients. All of them are&nbsp;getting prompted to re-authenticate every now and then. One&nbsp;of the clients has no proxy&nbsp;either but they are always prompted to&nbsp;re-authenticate every 30-40 days on their terminal server.&nbsp;&nbsp;Have you&nbsp;seen or heard about this behaviour before? It is a pain for the clients with a large number of Terminal Server users.&nbsp;Thanks in advance.&nbsp;Madhu

pklapwijk · Answer

Hi Madhu PereraSeen this article? https://technet.microsoft.com/en-us/library/dn782859.aspxIf using roamig profiles, exclude this location \AppData\Local\Microsoft\Office\16.0\Licensing and don`t use %localAppData%\Microsoft\Office\16.0\Licensing to excludeHave seen license issues on RDS farm at a customer, who was excluding %localAppData%\Microsoft\Office\16.0\Licensing on request of a Microsoft engeineer, when changed to \AppData\Local\Microsoft\Office\16.0\Licensing it al worked fine.

Forum Discussion

SSO in Office 365 ProPlus with SCA (Shared Computer Activation)

9 Replies

Resources