+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Cloud Services Thread, Office 365 with SSO in 2 weeks in Technical; Hi, I've just been told by the head that our new email system must be in place in 2 weeks. ...
  1. #1

    Join Date
    Feb 2009
    Location
    Suffolk, UK
    Posts
    121
    Thank Post
    22
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Office 365 with SSO in 2 weeks

    Hi, I've just been told by the head that our new email system must be in place in 2 weeks.
    I've said that's not possible due to my own limitations of knowledge and other work commitments.

    Can I get some pointers please?

    I have created an account some time back and manually added users but obviously these can be simply deleted.

    I'd like staff take up to be high, one issue will be the ever increasing moan about password changing.
    My worry is staff will not use whatever I supply unless SSO is introduced.

    I've read as much as I can, now my head hurts!

    I do not want to be reliant on our servers / connection for email login which I gather is the case with ADFS?
    Is there a way around this? What exactly is Dirsync, is that added after ADFS?
    Is Windows Azure going to be the answer - is there something in the pipeline? Should I convince our head to wait? What might the costs be?

    I really have so much on at the moment that I do not need this added to everything else.
    There is an expectation that these things 'can just happen' that I'm sure we all have to cope with - it's getting a tad too much now.

    It's just me here with a lot of staff who only just manage to change a print cartridge - but still that entails considerable moaning!

    Also if I do manage to get SSO set up and a sync with our AD I assume I am able to choose with users have email accounts and which do not?

    Cheers

  2. #2
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,204
    Thank Post
    212
    Thanked 223 Times in 192 Posts
    Rep Power
    72
    I've just finished getting our Office 365 with SSO setup, and its taken a while to fumble my way through it! 2 weeks is possible if you know the system but if you are like me (had no prior knowledge of O365) then I would expect it to take longer.

    To answer some of your questions:

    1) Dirsync will synchronise your AD accounts into Office 365, it will not however transfer any kind of password information. I believe it can be run without ADFS in place and will just keep your accounts up to date when new users join the school. You will have to provide passwords to users, activate their accounts AND assign them user licenses. This can be a pain and is probably best done via Powershell for bulk users

    2) There is a paid-for feature offered by a third party company which will remove the need for installing ADFS on your network for SSO (will have to search my previous posts for it). They basically host a virtual DC for you which replicates with your onsite DC. If your schools internet connection goes down, users can still authenticate with their hosted DC

    3) If you get ADFS setup for SSO, yes you can pick which users have email access or not. You do this via the license assignment in 365. When you view the Exchange properties of a user you can assign them a licence. If, like me, you choose the completely free A2 Education package then you would select whether the user had a Student A2 license or a Faculty A2 license. Within that are tick-box options as to what features you give them, namely Exchange (email), SharePoint (Skydrive Pro), Office Web Apps (for editing directly within Skydrive) and Lync. If you don't tick it, they don't get it! I have only rolled out email so far with a view to add Skydrive at a later date.

    If you need some guidance on the ADFS / SSO stuff I will try and provide the info for what I did (you will NEED to obtain an SSL certificate for the server hosting ADFS!!)

  3. Thanks to themightymrp from:

    klop (24th May 2013)

  4. #3
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,765
    Thank Post
    898
    Thanked 417 Times in 350 Posts
    Blog Entries
    12
    Rep Power
    87
    My advice is to forget about SSO for now. We just exported the usernames from active directory and gave them a temporary password which they changed on login.

    Works really well so far.

    We set ours up in about 4 days so it shouldn't be too hard.

  5. Thanks to zag from:

    klop (24th May 2013)

  6. #4
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,204
    Thank Post
    212
    Thanked 223 Times in 192 Posts
    Rep Power
    72
    I admit, much of the time I spent on it was getting the SSO to work correctly. Doing as mentioned above would be much quicker! You can then fine-tune rules and policies etc over time rather than inside your 2 week window

  7. #5

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    One thing to consider is that if staff use the desktop Outlook client, it will save the Office 365 password when the account is set up and they will rarely have to enter it again.

  8. #6

    Join Date
    Feb 2009
    Location
    Suffolk, UK
    Posts
    121
    Thank Post
    22
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Cheers for the help so far.

    Dropping SSO has got to be an option.
    If staff then choose not to use it, well that's their choice.

    Expecting something set up so quickly along with my other work commitments (I cannot allocate time to just Office 365) I think is asking too much.

    Does office365 not request password changes every x days, I thought it did?

    Thanks again.

  9. #7
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,204
    Thank Post
    212
    Thanked 223 Times in 192 Posts
    Rep Power
    72
    You can use Powershell to set passwords to never expire. Copied from O365 help documentation:

    Code:
    Set a password to never expire 
    1.Connect to Windows PowerShell by using your company admin credentials.
    2.Do one of the following:
    To set the password of one user to never expire, run the following cmdlet by using the UPN or the user ID of the user:
    
    Set-MsolUser -UserPrincipalName <user ID> -PasswordNeverExpires $true
    To set the passwords to never expire for all the users in an organization, run the following cmdlet:
    
    Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

  10. Thanks to themightymrp from:

    AngryTechnician (24th May 2013)

  11. #8

    Join Date
    Feb 2009
    Location
    Suffolk, UK
    Posts
    121
    Thank Post
    22
    Thanked 1 Time in 1 Post
    Rep Power
    0
    That's cool cheers - although password changes does make sense. Perhaps till we do setup a sync with both usernames and passwords a static password would be fine.

    Just a thought though, if I create users without using dirsync if/when I do want to setup SSO or just a sync of usernames and passwords (which would be more than fine for us here to be honest) and sync from AD will new accounts be created, or will it see those AD users already exist and sync with them?

    Should I run dirsync without ADFS for now, which will at the very least sync users?

  12. #9

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    Pre-existing users that match an AD record will be 'adopted' by DirSync if and when you start using it. If I remember correctly it matches on the email address field.

    Personally I had a new virtual server with DirSync up and running within a day, and that was with the added complication of using Server 2012 for the first time. The docs make it look daunting (like almost all MS technical documentation) but once you actually sit down and do it, implementing DirSync without SSO is pretty straightforward.

  13. Thanks to AngryTechnician from:

    klop (24th May 2013)

  14. #10
    clarky2k3's Avatar
    Join Date
    Nov 2007
    Location
    Northumberland
    Posts
    318
    Thank Post
    35
    Thanked 47 Times in 39 Posts
    Rep Power
    24
    We were in exactly the same situation and stumbled upon okta which was an amazing piece of software!

  15. 2 Thanks to clarky2k3:

    AngryTechnician (24th May 2013), plexer (24th May 2013)

  16. #11

    Join Date
    Feb 2009
    Location
    Suffolk, UK
    Posts
    121
    Thank Post
    22
    Thanked 1 Time in 1 Post
    Rep Power
    0
    That's great news - thanks.

    I'm term time only so iff next week - will look into setting it up then.

    may be back for more info, but again thank you everyone for pointers and advice

  17. #12

    Join Date
    Feb 2009
    Location
    Suffolk, UK
    Posts
    121
    Thank Post
    22
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by clarky2k3 View Post
    We were in exactly the same situation and stumbled upon okta which was an amazing piece of software!
    That looks very interesting - shall have a look at that in the holls - thanks

  18. #13

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,612
    Thank Post
    648
    Thanked 1,618 Times in 1,448 Posts
    Rep Power
    421
    There's also iamcloud.com

    Ben

  19. #14
    themightymrp's Avatar
    Join Date
    Dec 2009
    Location
    Leeds, West Yorkshire
    Posts
    1,204
    Thank Post
    212
    Thanked 223 Times in 192 Posts
    Rep Power
    72
    Quote Originally Posted by plexer View Post
    There's also iamcloud.com
    That's the one I was trying to remember earlier!! Cheers

  20. #15

    Join Date
    May 2013
    Posts
    1
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I recommend considering RM Unify too.

  21. Thanks to jbrowning22 from:

    funkyfin2000 (19th July 2013)

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Office 365 ADFS SSO Problem
    By Norphy in forum Cloud Services
    Replies: 7
    Last Post: 18th September 2013, 04:23 PM
  2. Office 365 with SSO availability question
    By themightymrp in forum Cloud Services
    Replies: 33
    Last Post: 9th May 2013, 12:27 PM
  3. SSO with Office 365
    By dezt in forum Cloud Services
    Replies: 25
    Last Post: 9th December 2012, 08:23 PM
  4. Office 365 and SSO
    By Simcfc73 in forum Cloud Services
    Replies: 1
    Last Post: 10th November 2012, 12:31 AM
  5. Replies: 9
    Last Post: 16th April 2011, 06:22 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •