Google Apps, iPhones and ADFS ... oh my!

Posted on 2012-08-24
Last Modified: 2012-08-27

Howdy Experts,

My organization has just implemented SSO using ADFS for Google Apps.  This is working well for all desktop users and all mobile users with Windows or Android devices.  We are not, however, able to get the native mail and calendar apps on the iPhone to connect.  

Any suggestions to make the native apps work with ADFS?


Question by:Thorin

    Expert Comment

    Are the apps able to connect to the ADFS server at all?

    Author Comment

    Not that I can tell... we used the Google Sync for iOS ( directions to configure the iPhones to connect to Google Apps.  However, after setup we only get "incorrect password" on the iPhone.  The same credentials work fine on devices.

    Side note - we downloaded and installed Google Chrome to the iPhone and are able to login using ADFS inside that application only.

    Accepted Solution

    Hey -
    I don't have any experience with ADFS - however, I have lots of experience in using other SSO solutions with Google Apps, for example Okta / SecureAuth.

    I believe the issue here is that Google has essentially 2 x passwords. Ordinarily, a system like Okta would connect to Google Apps using SAML for authentication; when a user logs into Okta, Okta then uses a Google API to push the "logged in" password to Google Apps, therefore it is always up to date. This is the password required for iOS devices being able to use the SSO password.

    I don't believe ADFS uses Google APIs to push passwords into Google; it is only an authentication system using SAML.

    To SYNC passwords to Google you could use GAPS -

    This will sync your passwords with Google, and allow you to authenticate over SAML/ADFS for login.

    Expert Comment

    I do know that if you have your calendar sync with iCloud enabled while also using the Google Exchange settings for authentication then you will have some sync issues.

    I'd double-check that you have no application-specific passwords required for any of your accounts as well.

    Please let me know what processes you have done to try to make this work, or the steps you have taken to help fix it.

    Author Closing Comment

    Thanks!  Yes, that is it.  The devices work OK if we set them to use the old Google password.  We thought that was disabled when we switched to using ADFS.   We will use GAPS to sync the password.
