The Keys to Office 365 Success: Federated Services and Single Sign On
Posted by Ken Klika on Mon, May 02, 2011 @ 10:16 AM
It’s no secret that the shiny new versions of Exchange Online, SharePoint Online, and Lync Online in the cloud will generate interest in the Microsoft Online Services - Office 365 offering when it is released. But I believe a critical key to its success will be the feature that most IT pros will like the most: Active Directory Federation Services 2.0 (ADFS).
So what is ADFS?
ADFS lets your internal Active Directory database control the cloud users that leverage MS Online services. Your users, passwords, and account policies will be managed locally in your domain without having to duplicate that same effort in the cloud.
The benefit to users is single sign-on: They use their corporate credentials to access the services in Office 365 to which your company has subscribed. Users don’t have to sign in again and remember multiple passwords.
What about IT pros?
Imagine having two hundred users that you support for cloud services. Your excitement fades quickly when you realize you have to manage those users’ BPOS accounts separately from your Active Directory (AD) accounts. Even with mass uploads, your average IT pro doesn’t want to duplicate effort. And honestly, managing those accounts in a browser isn’t nearly as easy as using Windows AD tools. Here is what you get:
- Policy control: The administrator can control account policies through Active Directory, which gives the administrator the ability to manage password policies, workstation restrictions, lock-out controls, and more, without having to perform additional tasks in the cloud.
- Access control: The administrator can restrict access to Office 365 so that the services can be accessed through the corporate environment, through online servers, or both.
- Reduced support calls: Forgotten passwords are a common source of support calls in all companies. If users have fewer passwords to remember, they are less likely to forget them.
- Security: User identities and information are protected because all of the servers and services used in single sign-on are mastered and controlled on-premises.
- Support for strong authentication: You can use strong authentication (also called two-factor authentication) with Office 365. However, if you use strong authentication, you must use single sign-on. There are restrictions on the use of strong authentication.
Of course, there is configuration involved, and there are requirements:
- Active Directory deployed and running in Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 with a functional level of mixed or native mode.
- Plan for and deploy ADFS 2.0 on Windows Server 2008 or Windows Server 2008 R2. Also, if the user is connecting from outside your company’s network, you must deploy an Active Directory Federation Services 2.0 proxy.
- Use the Microsoft Online Services Identity Federation Management tool to establish a trust with Office 365.
So thank you, Office 365 ADFS 2.0. You’ll make many users and IT pros very happy.
Reference: http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652540.aspx