+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Cloud Services Thread, Office 365 + ADFS + iOS Apps in Technical; Hi, I have Office 365 setup with ADFS for authentication. I have tried logging into the new iOS apps that ...
  1. #1

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    299
    Thank Post
    17
    Thanked 11 Times in 8 Posts
    Rep Power
    21

    Office 365 + ADFS + iOS Apps

    Hi,

    I have Office 365 setup with ADFS for authentication. I have tried logging into the new iOS apps that have been released for Office 365 / SkyDrive / Lync etc but I am unable to connect to any of them. Is there something in place that doesn't allow you to use these Apps if you are running ADFS?

    If so, are there any work arounds or are Microsoft addressing the issue?

    Thanks

    Matt

  2. #2

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,342
    Thank Post
    405
    Thanked 652 Times in 595 Posts
    Rep Power
    188
    Are they supported on the Academic plans? Worth checking.

  3. #3

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,075
    Thank Post
    160
    Thanked 937 Times in 731 Posts
    Blog Entries
    3
    Rep Power
    275
    I am not aware of any problems with the Mobile Apps available from the Apple Store. Please ensure that you are using your correct Universal Principal Name & Password associated with your Active Directory User Account. You need to ensure that with the Lync Application for example that your SIP Address is typed in correctly which is normally your Email Address and that the Username is your UPN. You may find these are different depending on how you have configured your AD User Objects UPN Attribute.

    Also, for the Lync Application ensure the SRV records are in place etc. and all associated A / CNAME Records are in place.

    Kindest Regards,
    James.

  4. #4

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    299
    Thank Post
    17
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    I've just tried again using the Skydrive Pro for Office 365 App and it will not let me login to it using an ADFS account, using a non- ADFS account is fine! Any ideas?!?

    There are no options on the Apps login screen other than username and password!

    I've also tried the Lync app making sure the Sip address / username / UPN etc are all correct and it won't log anyone in!

    Any ideas?

    Thanks

    Matt

  5. #5
    dezt's Avatar
    Join Date
    Dec 2005
    Location
    Lancs
    Posts
    1,032
    Thank Post
    157
    Thanked 60 Times in 48 Posts
    Rep Power
    31
    I've managed to log in to the skydrive app using my adfs account, went in ok but I can't see any documents. The one note app log's in fine and syncs all my notes using my adfs account. The Lync app I use is the 2010 one as we still haven't been upgraded by Microsoft yet, and that works fine when i manually enter the internal and external addresses manually.

  6. #6

    Join Date
    Dec 2012
    Posts
    47
    Thank Post
    0
    Thanked 3 Times in 3 Posts
    Rep Power
    4
    Quote Originally Posted by Edu-IT View Post
    Are they supported on the Academic plans? Worth checking.
    Your right it does need checking..... You need an A3 plan to use the apps are you using an A2 plan ?

  7. #7
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    557
    Thank Post
    27
    Thanked 240 Times in 166 Posts
    Rep Power
    88
    Quote Originally Posted by mattysmith80 View Post
    You need an A3 plan to use the apps are you using an A2 plan ?
    You only need A3 to use Office Mobile for iOS; other apps should work fine as far as I know.

  8. #8

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    299
    Thank Post
    17
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    OK, so we are running A2 Plan, which would explain why we can't use the Office Mobile App for iOS, but it doesn't explain why we can't access the Lync or Skydrive App using an ADFS login, Skydrive works OK when using a non ADFS account and I can't get Lync to work at all!

    Cheers

    Matt

  9. #9

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    299
    Thank Post
    17
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    We can't seem to log into the new OWA iOS app either when using ADFS on our tenant.

    Anybody else got issues/problems trying to access the apps?

    Still can't access Lync or Skydrive and now OWA

    Thanks

    Matt

  10. #10
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    557
    Thank Post
    27
    Thanked 240 Times in 166 Posts
    Rep Power
    88
    How have you got ADFS configured?

    I have an ADFS environment, used purely for testing*, which is just one ADFS server configured for forms-based auth, and I can sign into the SkyDrive Pro iOS app with a federated user without issue on an iPod Touch (5th gen) from an external network.

    It's a quick-and-dirty test but it shows that the apps should work - have you contacted support about this issue?



    *It's actually two VM roles in Windows Azure IaaS hosting Windows Server 2012, ADFS 2.1, and DirSync. I use it to demo SSO capabilities with customers. It's not the best practice way to configure ADFS as I don't use a proxy. You should have your internal ADFS servers configured for integrated auth, and proxies for forms-based.

  11. #11

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    299
    Thank Post
    17
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Hi James...

    Our ADFS sounds like it's setup like yours... Just the 1 server, with Forms-Based authentication. We don't use Single Sign On in school... so users always get the form based login page when they access the services.

    I will contact support about it.

    Thanks

    Matt

  12. #12
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    557
    Thank Post
    27
    Thanked 240 Times in 166 Posts
    Rep Power
    88
    Quote Originally Posted by mattpant View Post
    Hi James...

    Our ADFS sounds like it's setup like yours... Just the 1 server, with Forms-Based authentication. We don't use Single Sign On in school... so users always get the form based login page when they access the services.
    Ok, with this in mind, I might ask what the point is in using ADFS?

    Only having 1 server, and not even for the purpose of integrated auth for your domain joined users, introduces a huge amount of risk when it comes to outages as all of your users are wholly reliant on that one server being available 100% of the time - not to mention the additional overheads associated with running extra servers, etc.

    If you just want users to have the same username and password in both places, in sync, and easy to manage then you can do this with just DirSync and Password Sync (via the latest version of the DirSync appliance). You don't need to maintain the ADFS piece. One server, doesn't have to be highly available, and it's practically zero admin.

    Much more elegant that a single ADFS server exposed to the web!

  13. #13

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    299
    Thank Post
    17
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Main reason for the ADFS was, at the time of initial setup, Password Sync was not available, so users would have had to have an over complex password to login to Office 365, I am aware of the new Password Sync feature of Dir Sync that would now overcome this issue.

    The other reason behind using ADFS Forms authentication was that we were able to personalise our login page with the school name/logo branding, information etc, something I don't think is yet possible with the Microsoft Login page?

    The other reason was our domain name is fairly long, @llanfyllin-hs.powys.sch.uk - so using the ADFS method meant that users only had to enter the username before the "@" sign, which is how the previous email system was setup and what users were use to.

    IF your able to tell me that it's entirely possible to do all what I've mentioned without needing ADFS then I would love to drop out ADFS server and run purely with the Microsoft Logon servers!!

    Thanks

    Matt

  14. #14
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    557
    Thank Post
    27
    Thanked 240 Times in 166 Posts
    Rep Power
    88
    Quote Originally Posted by mattpant View Post
    Main reason for the ADFS was, at the time of initial setup, Password Sync was not available, so users would have had to have an over complex password to login to Office 365, I am aware of the new Password Sync feature of Dir Sync that would now overcome this issue.
    Exactly, and like I say it would also reduce the local infrastructure burden and make it a lot easier to manage!

    Quote Originally Posted by mattpant View Post
    The other reason behind using ADFS Forms authentication was that we were able to personalise our login page with the school name/logo branding, information etc, something I don't think is yet possible with the Microsoft Login page?
    Not yet, no.

    Quote Originally Posted by mattpant View Post
    The other reason was our domain name is fairly long, @llanfyllin-hs.powys.sch.uk - so using the ADFS method meant that users only had to enter the username before the "@" sign, which is how the previous email system was setup and what users were use to.
    I'll let you have that one, as it's a good point. ADFS would be the only way to make this a bit easier for your users, and you can use smart links to redirect your users from, say, mail.llanfyllin-hs.powys.sch.uk directly to your ADFS servers, and straight into OWA rather than having to hit the Microsoft portal first and then get re-directed to your ADFS server.

    I just get twitchy when I hear people say ADFS in the same sentence as "one server" because it is the single point of failure, but if you're willing to manage the risks of doing it that way then go for it!

  15. #15

    Join Date
    Aug 2005
    Location
    Shropshire
    Posts
    299
    Thank Post
    17
    Thanked 11 Times in 8 Posts
    Rep Power
    21
    Not yet, no.
    Are you aware of something on the way?? I'd sacrifice having to put the whole domain name in if we were able to customise the Microsoft Portal Page to use for login!!

    We have got a DNS entry already setup that takes us to our ADFS login page to access Office 365 rather then then the Microsoft Portal

    Thanks

    Matt



SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Office 365 ADFS SSO Problem
    By Norphy in forum Cloud Services
    Replies: 7
    Last Post: 18th September 2013, 05:23 PM
  2. Office 365 ADFS SSL Question
    By bcsdtech in forum Cloud Services
    Replies: 1
    Last Post: 17th May 2013, 05:28 PM
  3. Office 365 ADFS - Sign Out URL Redirect
    By mattpant in forum Cloud Services
    Replies: 0
    Last Post: 26th February 2013, 02:59 PM
  4. Office 365 or Google Apps for Education Demo Request
    By neilault in forum Cloud Services
    Replies: 2
    Last Post: 5th October 2012, 02:32 PM
  5. Replies: 12
    Last Post: 4th July 2012, 05:13 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •