  1. #1



    office 365 single sign on (good idea or waste of time)

    A lot of my schools (read: probably all) are moving to Office 365 as LLN are going away. Now I quickly set it up in one school (they wanted email addresses ASAP so I just dumped AD users into a spreadsheet, twiddled a bit and uploaded them, so they now all have shiny new Office 365 email). In the future (or possibly retroactively, bearing in mind that usernames in that school are staffab and Office 365 are first.surname (and to complicate further a few have married name on 365, not in AD)), how easy and, more importantly, useful is it to set up SSO?

    If it's a lot of faffing round to just skip 1 password, is it worth it?

  2. #2
    zag
    Pointless imo, our students and staff have no problem logging on to webmail when they need to.

    Outlook client requires no login after the first setup.

    Simples

  3. #3


    Quote, originally posted by zag:
        Pointless imo, our students and staff have no problem logging on to webmail when they need to.

        Outlook client requires no login after the first setup.

        Simples

    That's my take on it as well, just wanted opinions. Looking into SSO, it looks like a right pita.

  4. #4
    hallb15
    We are going down the Office365 route as well. I saw the SSO option, but haven't decided as yet.
    From a security point of view, we all know what certain members of staff can be like when it comes to leaving themselves logged in to a computer and walking away...

  5. #5


    Quote, originally posted by hallb15:
        We are going down the Office365 route as well. I saw the SSO option, but haven't decided as yet.
        From a security point of view, we all know what certain members of staff can be like when it comes to leaving themselves logged in to a computer and walking away...

    Stupidity/laziness will always trump technology.

  6. #6
    hallb15
    This leads me on to another issue. One domain or two?
    As all LLN schools were originally configured with two domains, one for Admin and one for Curriculum, and have a CISCO router to separate them, (which I assume LLN will want back) what are you doing about your domains when you leave LLN?

  7. #7


    Quote, originally posted by hallb15:
        This leads me on to another issue. One domain or two?
        As all LLN schools were originally configured with two domains, one for Admin and one for Curriculum, and have a CISCO router to separate them, (which I assume LLN will want back) what are you doing about your domains when you leave LLN?

    I have, as admin servers get replaced, been moving them to a single network anyway, just leaving a 2nd NIC in the "admin" server for avco all that's all that half of the router does (unless they have VoIP).

    School I'm at now has had a single domain for a few years. I'm moving another to single domain at half term (admin server and 2-3 PCs, wow that needs a domain lol). They even had a better spec Dell server lying unused than their ye olde admin HP server.
    Last edited by sted; 27th September 2013 at 01:40 PM.

  8. #8

    Norphy
    Quote, originally posted by sted:
        That's my take on it as well, just wanted opinions. Looking into SSO, it looks like a right pita.

    I did it in an afternoon. It's not that hard. The instructions that Microsoft provide on their website are pretty clear and comprehensive and will guide you through the process nicely. It means that your users will have to remember one less password which is always useful.

    Plus once ADFS is set up, there's no reason why you couldn't use it for other services. We have it authenticating our Blackboard users and we're using a hosted service from them now.

  9. #9


    Quote, originally posted by Norphy:
        I did it in an afternoon. It's not that hard. The instructions that Microsoft provide on their website are pretty clear and comprehensive and will guide you through the process nicely. It means that your users will have to remember one less password which is always useful.

        Plus once ADFS is set up, there's no reason why you couldn't use it for other services. We have it authenticating our Blackboard users and we're using a hosted service from them now.

    OK then, do I need any extra hardware?
    Looking at it, it's the certificates stuff that puts me off, and my domain is school.local and email is now longschoolname.co.uk iirc.

  10. #10

    Norphy
    Depends. I have it running on VMs so I didn't need any additional hardware. You could put it on existing member servers if you wanted to. You can't put the ADFS and ADFS proxy on the same box, you shouldn't put either onto a domain controller.

    The only certificate that you need to worry about is the one that your ADFS server is published at. It will need to be a trusted cert from the likes of Verisign or Comodo (I got ours from Janet). It doesn't matter what your email domain or AD domain is called.

    You will need to have the ADFS proxy on a publicly accessible IP address though, that may be your biggest difficulty. I don't know if it will work through a reverse proxy or not.

  11. #11
    xenonive
    You might want to consider using a mesh host, like YouID; they can sync all your usernames and passwords over various services for single sign on. Think it's about £2 per user but they can host a frontend for users.

  12. #12

    timbo343
    We have Office365 for students and it has crossed my mind a couple of times if we offer SSO, but the negs outweigh the positives, such as they are relying on us to authenticate for them. What happens if I want to do work on the servers over the weekend and restart the servers? Students are then left without access to their emails.

  13. #13


    Quote, originally posted by Norphy:
        Depends. I have it running on VMs so I didn't need any additional hardware. You could put it on existing member servers if you wanted to. You can't put the ADFS and ADFS proxy on the same box, you shouldn't put either onto a domain controller.

        The only certificate that you need to worry about is the one that your ADFS server is published at. It will need to be a trusted cert from the likes of Verisign or Comodo (I got ours from Janet). It doesn't matter what your email domain or AD domain is called.

        You will need to have the ADFS proxy on a publicly accessible IP address though, that may be your biggest difficulty. I don't know if it will work through a reverse proxy or not.

    I have a single external IP address but that's atm used for my (bodged set up to test then went live) terminal server, but I could probably redirect the ports to the requisite server. I have a 2008r1 box there doing jack (was the main server, went wyrd, was replaced, now I'm trying to rehabilitate it as extra backup storage).

  14. #14

    Norphy
    Do you have control of your external DNS as well?

  15. #15


    Quote, originally posted by Norphy:
        Do you have control of your external DNS as well?

    Personally no, but I "think" the boss does as he sorted the MX records out, but atm I doubt the URL does owt, it's just for email.


