Mar 23 2017 (last edited on Jan 14 2022)
We have an on-prem ADFS which is configured to federate with a couple of partner organizations. The federated authentication with both our partners works well on-prem. Now we want to use this ADFS as the authentication mechanism for Office 365.
Is this the correct understanding?
Mar 23 2017 06:11 AM
You should not use your ADFS to authenticate partner users because you will need to validate their domain on your Office 365 as an accepted and validated domain.
Mar 24 2017 03:33 AM
Thanks Nuno for your quick response!
Can you point me to an article where this or a similar kind of scenario is explained in detail? I couldn't find any good resource/documentation around this scenario, and I believe this must be a quite common requirement for many big enterprises.
Mar 24 2017 05:28 AM
I think there is no article on that, but you can only validate your own domains on Office 365, not your partner's, and that is a requisite of ADFS.
Below is an article on implementing ADFS: https://blogs.technet.microsoft.com/rmilne/2014/04/28/how-to-install-adfs-2012-r2-for-office-365/
Jun 13 2017 01:31 AM
@Atul Moghe Did you get any solution for this scenario?
Jun 13 2017 08:50 PM
Nov 17 2017 06:25 AM
The easiest implementation would be for your partners to also sync their users to Azure AD. Then you can invite them as guests to your tenant, and they will be available to add as users in Office 365.
Nov 19 2017 10:02 PM
I would sync your users to Azure AD and simply invite your partners' users to SharePoint sites. If done so, the answers are as follows:
For security reasons, I suggest that you run the following PowerShell command in your tenant. It forces external users to log in with the same email address the invitation was sent to.
Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true
The term federation means many things in Office 365/Azure AD, so I think we are simply talking about different things here.
What I meant by federation is that you either create a new federated domain to Office 365 or convert an existing one to federated:
# Create a new federated domain
New-MsolFederatedDomain -DomainName mydomain.com
# Convert a domain to federated
Convert-MsolDomainToFederated -DomainName mydomain.com
This naturally requires that the domain is registered to that Office 365 tenant. Moreover, what the federation does is that it only authenticates the user. To log in and use Office 365 services, there must be a matching user object in the Office 365 tenant.
I suppose by federation you meant something like Azure B2B Collaboration?
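As an added example (not from any reply in this thread), the following script checks the two prerequisites the replies above describe before touching anything: a domain can only be converted to federated if it is registered and verified in your own tenant (a partner's domain will never pass that check), and guest users from the partner side should be required to accept invitations with the invited account. It assumes the MSOnline and SharePoint Online modules used in the thread are installed, and the domain list and admin URL are placeholders.

```powershell
# Added example, not from the thread. Assumes the MSOnline module (Connect-MsolService,
# Get-MsolDomain, Convert-MsolDomainToFederated) and the SharePoint Online module
# (Connect-SPOService, Get-SPOTenant) are installed. Domain names and the admin URL
# below are placeholders; replace them with your own tenant's values.
param(
    [string[]]$Domains = @('mydomain.com'),                           # domains you own
    [string]$SpoAdminUrl = 'https://contoso-admin.sharepoint.com',    # placeholder URL
    [switch]$Convert                                                   # convert only when asked
)

Connect-MsolService

foreach ($domain in $Domains) {
    $d = Get-MsolDomain -DomainName $domain -ErrorAction SilentlyContinue
    if (-not $d) {
        # A partner's domain lands here: it is not registered in this tenant, so
        # ADFS federation for it cannot be set up in Office 365 at all.
        Write-Warning "$domain is not registered in this tenant and cannot be federated here."
        continue
    }
    if ($d.Status -ne 'Verified') {
        Write-Warning "$domain is registered but not verified (Status=$($d.Status)); verify it first."
        continue
    }
    if ($d.Authentication -eq 'Federated') {
        Write-Host "$domain is already federated."
        continue
    }
    if ($Convert) {
        # Run on the ADFS server, or point MSOnline at it first with Set-MsolADFSContext.
        Convert-MsolDomainToFederated -DomainName $domain
        Write-Host "$domain converted to federated authentication."
    } else {
        Write-Host "$domain is verified and managed; re-run with -Convert to federate it."
    }
}

# Guest (B2B) side: confirm the SharePoint Online setting recommended above is in place,
# so an invited partner user cannot redeem the invitation with a different account.
Connect-SPOService -Url $SpoAdminUrl
$tenant = Get-SPOTenant
if (-not $tenant.RequireAcceptingAccountMatchInvitedAccount) {
    Write-Warning 'Invitations can be accepted by a different account; consider Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true'
} else {
    Write-Host 'Invitations must be accepted with the invited account.'
}
```

Without -Convert the script only reports, which is the safer way to run it the first time against a tenant.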