Office365 login with ADFS and public Email addresses

Daniel Wahlgren
New Contributor

Hi,

We have a scenario where a client wants to use private email addresses for login-credentials in Office 365.

We believe that we need to use ADFS for authentication, but not sure where to start to implement this for email addresses that might be john.doe@hotmail.com

The users only need to access SharePoint, preferably via groups, and not using Microsoft accounts.

Anyone have any thoughts?

Thanks in advance

Daniel Wahlgren

4 Replies

Define "private"? If they are associated with some vanity domain, you need to verify the domain in O365 and optionally set up password sync or AD FS. If you mean something like a Google email address, no, it's not possible.

Private meaning if the users could authenticate using John.doe@hotmail.com and a password into our ADFS, which authenticates and logs the user into Office365, where the actual username may be John.doe@tenant.onmicrosoft.com

I'd say technically this would probably be doable. You'd look at configuring this user to have the UPN "john.doe@hotmail.com" and would have to modify the claims issuance rules to send a different value. Additionally, the user would have to have a password in your Active Directory against that object. Not pleasant.

Technically doable? Probably. Clever? Probably not. This will introduce A LOT of complexity, pain, and lack-of-support, for minimal gain.

I'd very strongly suggest reevaluating your requirements here.

EDIT: To clarify, you could configure AD FS to do strictly what you've asked, but as @Vasil Michev mentions above, using a public account's credentials against AD FS is not possible.

I would take a close look at Azure B2B for this scenario, see https://blogs.technet.microsoft.com/educloud/2016/08/16/azure-ad-b2b-walkthrough/ to get started
