?
Solved

Google Apps, iPhones and ADFS ... oh my!

Posted on 2012-08-24
5
Medium Priority
?
3,252 Views
Last Modified: 2012-08-27
Howdy Experts,

My organization has just implemented SSO using ADFS for Google Apps.  This is working well for all desktop users and all mobile users with Windows or Android devices.  We are not, however, able to get the native mail and calendar apps on the iPhone to connect.  

Any suggestions to make the native apps work with ADFS?

Thanks!

-Thorin
0
Comment
Question by:Thorin
  • 2
  • 2
5 Comments
 
LVL 2

Expert Comment

by:PaulHend
ID: 38331518
Are the apps able to connect to the ADFS server at all?
0
 
LVL 2

Author Comment

by:Thorin
ID: 38331549
Not that I can tell....we used the Google Sync for IOS (http://support.google.com/mobile/bin/answer.py?hl=en&answer=138740) directions to configure the iPhones to connect to Google Apps.  However, after set up we only get "incorrect password" on the iPhone.  The same credentials work fine on devices.

Side note - we downloaded and installed Google Chrome to the iPhone and are able to login using ADFS inside that application only.
0
 
LVL 1

Accepted Solution

by:
andrewpriceau earned 2000 total points
ID: 38331840
Hey -
I dont have nay experience with ADFS - however have lots of experience in using other SSO solutions with Google Apps for example Okta / Secureauth.

I believe the issue here is that Google has essentially 2 x Passwords. Ordinarily, a system like OKta would connect to Google Apps using SAML for authentication, when a user logs into Okta, OKta then Uses a Google API to push the "logged in" password to Google Apps therefore it is always up to date. This is the password required for IOS devices being able to use the SSO password.

I dont believe ADFS , uses Google APIs to push passwords into Google , and is only a authentication system using SAML.

To SYNC passwords to Google you could use GAPS - http://support.google.com/a/bin/answer.py?hl=en&answer=2611859

This will sync your Passwords with Google, and allow you to authenticate over SAML/ADFS for login.
0
 
LVL 2

Expert Comment

by:PaulHend
ID: 38334378
I do know that if you have your calendar sync with iCloud enabled while also using the Google Exchange settings for authentication then you will have some sync issues.

I'd double check that you have no application specific passwords required for any of your accounts as well.

Please let me know what processes you have done to try to make this work, or the steps you have taken to help fix it.
0
 
LVL 2

Author Closing Comment

by:Thorin
ID: 38336915
Thanks!  Yes, that is it.  The devices work OK if we set them to use the old Google password.  We thought that was disabled when we switched to using ADFS.   We will use GAPS to sync the password.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question