Question on SAML authentication

Newlife
Contributor

Hi Community,

One of our customers raised the below environment and raised a couple of queries.

Current environment

>> AAD sync that syncs Office 365 ProPlus + AD attributes to Office 365

>> MX is pointing to Mimecast.

>> Mailboxes are currently hosted with Exchange on-prem 2013

>> Citrix NetScaler in place.

Plan

>> Plans to deploy Exchange Hybrid.

>> Then move the mailboxes to EXO

>> Then completely decommission Hybrid and keep an on-prem Exchange for administrative tasks

>> MX is still going to Mimecast

Questions:

1) How will the SAML authentication be handled from an Outlook client on BYOD devices (phones, tablets) and home PCs? Both internal and external.

2) If they have a shared RDS server with Outlook installed, will they still be able to access and use the service with the same security?

3) If they were to use MFA, they will be required to use the application password. Can we have an application password per online service, or is it one password per user for all online services? Meaning that there are scenarios wherein SAML may not work on Outlook or RDS servers and it might require an application password. In those scenarios, if we are forced to use an application password, is this the same for one user (for all the applications such as Outlook client, RDS server, etc.)?

Any pointers would be of great help.

Many thanks in advance.
