Friday, August 12, 2011

Why wouldn’t you federate to Office 365?

I don’t get it. Obviously I have blinders on. Apparently there are companies that prefer password synchronization – or nothing – between their corporate Active Directory and Office 365. Why?

Is it because setting up ADFS requires corporate ITs involvement? Is it because ADFS is perceived to be too difficult? Do they feel they are exposing their Active Directory on the internet so there’s a security risk?  I’m not getting clear answers when I try to dig into this. I’m having trouble understanding why a company wouldn’t want to enable single sign-on. Do they not understand the benefits of single sign-on from the perspective of reducing password confusion, reducing helpdesk calls, etc?

Have any of you run into this? What’s your experience?

3 comments:

Dave Colvin - Personal Thoughts said...

I am just working for an organisation that was unable to get the outsource provider to upgrade to AD forest function level to 2003 due to the possibility or issues with unknown business applications.

It would be impossible to get to 2008 and federate with the outsorce partner still running IT.

Dave Colvin - Personal Thoughts said...

I am just working for an organisation that was unable to get the outsource provider to upgrade to AD forest function level to 2003 due to the possibility or issues with unknown business applications.

It would be impossible to get to 2008 and federate with the outsorce partner still running IT.

Jackson Shaw said...

Dave - I don't know exactly where the truth lies but what I have read so if your providers aren't at '03 SP1 or better...

For AD FS 2.0 to operate successfully, domain controllers in either the account partner organization or the resource partner organization must be running Windows Server 2003 SP1, Windows Server 2003 R2, or Windows Server 2008.

Schema requirements

AD FS 2.0 does not require schema changes or functional-level modifications to AD DS.
Functional-level requirements

AD FS 2.0 does not require AD DS functional-level modifications to operate successfully.