ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    SSO - What Are You Using and Why?

    IT Discussion
    4
    28
    3.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • wrx7mW
      wrx7m
      last edited by

      Hello everyone.

      I am considering SSO for our SMB. We currently have about 75 employees with AD accounts. We have Adobe Acrobat Standard/Pro/CreativeCloud subscriptions, Office 365 Pro Plus (I hope to move our e-mail services here soon) and will be adding some other services sooner or later.

      Obviously, compatibility/support is a concern but I would like to see what others are using.

      1 Reply Last reply Reply Quote 1
      • scottalanmillerS
        scottalanmiller
        last edited by

        So Adobe is the only thing outside of the MS suite to integrate?

        wrx7mW 1 Reply Last reply Reply Quote 0
        • wrx7mW
          wrx7m @scottalanmiller
          last edited by

          @scottalanmiller said in SSO - What Are You Using and Why?:

          So Adobe is the only thing outside of the MS suite to integrate?

          We were also looking at SSO for some EDI services (TrueCommerce, SPS Commerce, etc.) but I I need to do more research for them. Also, most likely NextCloud, hosted with Vultr or similar.

          1 Reply Last reply Reply Quote 0
          • ObsolesceO
            Obsolesce
            last edited by

            SSO in that sense is more of a convenience than anything else. And that's only if you use the online services in addition to the installed software (Office Suite). Is it worth spending the money and time to set up more servers for ADFS (and proxy), ADCS, etc?

            What would be the benefit in your case?

            1 Reply Last reply Reply Quote 0
            • wrx7mW
              wrx7m
              last edited by wrx7m

              Currently, I am using AADConnect (formerly dirsync) to sync users' login info for license activation and onedrive. The caveat is that because our local AD domain is .local (inherited this configuration), I had to add a UPN suffix to sync.

              True SSO would become more beneficial when moving our mail services to O365.

              scottalanmillerS ObsolesceO 2 Replies Last reply Reply Quote 0
              • wrx7mW
                wrx7m
                last edited by

                Also, Amazon Vendor Central US and CA versions.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @wrx7m
                  last edited by

                  @wrx7m said in SSO - What Are You Using and Why?:

                  Currently, I am using AADConnect (formerly dirsync) to sync users' login info for license activation and onedrive. The caveat is that because our local AD domain is .local (inherited this configuration), I had to add a UPN suffix to sync.

                  True SSO would become more beneficial when moving our mail services to O365.

                  Have you considered dropping AD and moving to Azure AD instead? Basically flipping it and syncing in, rather than syncing out?

                  wrx7mW 1 Reply Last reply Reply Quote 1
                  • wrx7mW
                    wrx7m @scottalanmiller
                    last edited by wrx7m

                    @scottalanmiller said in SSO - What Are You Using and Why?:

                    @wrx7m said in SSO - What Are You Using and Why?:

                    Currently, I am using AADConnect (formerly dirsync) to sync users' login info for license activation and onedrive. The caveat is that because our local AD domain is .local (inherited this configuration), I had to add a UPN suffix to sync.

                    True SSO would become more beneficial when moving our mail services to O365.

                    Have you considered dropping AD and moving to Azure AD instead? Basically flipping it and syncing in, rather than syncing out?

                    I have not considered that. Although, I am concerned about Azure's past issues with its reliability/availability.

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @wrx7m
                      last edited by

                      @wrx7m said in SSO - What Are You Using and Why?:

                      I have not considered that. Although, I am concerned about the past issues with its reliability/availability.

                      How often have you lost Azure AD?

                      wrx7mW 1 Reply Last reply Reply Quote 0
                      • wrx7mW
                        wrx7m @scottalanmiller
                        last edited by

                        @scottalanmiller said in SSO - What Are You Using and Why?:

                        @wrx7m said in SSO - What Are You Using and Why?:

                        I have not considered that. Although, I am concerned about the past issues with its reliability/availability.

                        How often have you lost Azure AD?

                        I haven't. I meant Azure in general.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @wrx7m
                          last edited by

                          @wrx7m said in SSO - What Are You Using and Why?:

                          @scottalanmiller said in SSO - What Are You Using and Why?:

                          @wrx7m said in SSO - What Are You Using and Why?:

                          I have not considered that. Although, I am concerned about the past issues with its reliability/availability.

                          How often have you lost Azure AD?

                          I haven't. I meant Azure in general.

                          Not the same thing 🙂 Azure is pretty fragile. Azure AD is not.

                          wrx7mW 1 Reply Last reply Reply Quote 1
                          • wrx7mW
                            wrx7m @scottalanmiller
                            last edited by

                            @scottalanmiller said in SSO - What Are You Using and Why?:

                            @wrx7m said in SSO - What Are You Using and Why?:

                            @scottalanmiller said in SSO - What Are You Using and Why?:

                            @wrx7m said in SSO - What Are You Using and Why?:

                            I have not considered that. Although, I am concerned about the past issues with its reliability/availability.

                            How often have you lost Azure AD?

                            I haven't. I meant Azure in general.

                            Not the same thing 🙂 Azure is pretty fragile. Azure AD is not.

                            That is good to know. I should look at to see the design considerations/topology.

                            1 Reply Last reply Reply Quote 0
                            • ObsolesceO
                              Obsolesce @wrx7m
                              last edited by

                              @wrx7m said in SSO - What Are You Using and Why?:

                              Currently, I am using AADConnect (formerly dirsync) to sync users' login info for license activation and onedrive. The caveat is that because our local AD domain is .local (inherited this configuration), I had to add a UPN suffix to sync.

                              True SSO would become more beneficial when moving our mail services to O365.

                              I AADConnect / PW Sync .locals to O365. Never any issues with that.

                              What problems are you running into?

                              wrx7mW 1 Reply Last reply Reply Quote 0
                              • wrx7mW
                                wrx7m @Obsolesce
                                last edited by wrx7m

                                @Tim_G I don't have issues with it, per se, it is a problem with having the .local and using the extra public domain so that it effectively turns the office 365 activation/portal from someone's actual email address, first.last@domainA.com to ADusername@domainB.com but using the same password. People rarely remember the difference when logging in to O365. I can't blame them.

                                ObsolesceO 1 Reply Last reply Reply Quote 0
                                • ObsolesceO
                                  Obsolesce @wrx7m
                                  last edited by

                                  @wrx7m said in SSO - What Are You Using and Why?:

                                  @Tim_G I don't have issues with it, per se, it is a problem with having the .local and using the extra public domain so that it effectively turns the office 365 activation/portal from someone's actual email address, first.last@domainA.com to ADusername@domainB.com but using the same password. People rarely remember the difference when logging in to O365. I can't blame them.

                                  I see. Yeah if the AD login, domain, AND email address are all completely different... I can see the user confusion.

                                  I was thinking it was something like: username@domain.local vs username@domain.com.

                                  wrx7mW 1 Reply Last reply Reply Quote 0
                                  • wrx7mW
                                    wrx7m @Obsolesce
                                    last edited by

                                    @Tim_G Unfortunately, it won't allow a .local because it isn't a public TLD.

                                    ObsolesceO 1 Reply Last reply Reply Quote 0
                                    • wrx7mW
                                      wrx7m
                                      last edited by

                                      @scottalanmiller - I can't seem to find how I would implement the Azure AD outside-in approach. I see tons of stuff on how I have already installed AADConnect and sync out.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @wrx7m
                                        last edited by

                                        @wrx7m said in SSO - What Are You Using and Why?:

                                        @scottalanmiller - I can't seem to find how I would implement the Azure AD outside-in approach. I see tons of stuff on how I have already installed AADConnect and sync out.

                                        You just... use it. There's nothing to know. Shut down AD, use Azure AD.

                                        wrx7mW ObsolesceO 2 Replies Last reply Reply Quote 0
                                        • wrx7mW
                                          wrx7m @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in SSO - What Are You Using and Why?:

                                          @wrx7m said in SSO - What Are You Using and Why?:

                                          @scottalanmiller - I can't seem to find how I would implement the Azure AD outside-in approach. I see tons of stuff on how I have already installed AADConnect and sync out.

                                          You just... use it. There's nothing to know. Shut down AD, use Azure AD.

                                          There has to be more to it. Does it migrate the existing AD domain and all the users/computers accounts? What about my on-prem Exchange 2010 server?

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @wrx7m
                                            last edited by

                                            @wrx7m said in SSO - What Are You Using and Why?:

                                            @scottalanmiller said in SSO - What Are You Using and Why?:

                                            @wrx7m said in SSO - What Are You Using and Why?:

                                            @scottalanmiller - I can't seem to find how I would implement the Azure AD outside-in approach. I see tons of stuff on how I have already installed AADConnect and sync out.

                                            You just... use it. There's nothing to know. Shut down AD, use Azure AD.

                                            There has to be more to it. Does it migrate the existing AD domain and all the users/computers accounts? What about my on-prem Exchange 2010 server?

                                            You move to modern email of course. You don't use Azure AD with old on prem Exchange. And no, it does not migrate, it's a new thing. You'd set it up fresh in most cases. It's not AD, you'll likely make new choices.

                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 1 / 2
                                            • First post
                                              Last post