Ok - so I apologize in advance - this is a few questions rolled up into one - but here goes...
We have an Office365 E subscription. It's been set up for a while now, and working well. We have DirSync and ADFS set up for "SSO", which works. However, I am not sure if it works in the best possible manner.
We have ADFS deployed on our local LAN here: one ADFS server and one ADFS Proxy server (in a DMZ). However, for the domain that we have federation set up for, we do not have internal DNS, only external. This domain is configured in AD as a UPN suffix, and all users use it. For example, our AD domain is:
NetBIOS Name: Internal
AD FQDN Domain: Internal.Corporation.com
The UPN we are using is just @corp.com.
We do not have internal DNS for the CORP.COM domain.
So, when ADFS was set up and we created the external DNS record for sts.corp.com, we ended up implementing DNS doctoring on our Cisco firewall to deal with it. So it has always been that I have a consistent experience whether on site or remote. When I open a browser and navigate to Outlook.Office365.com:
1. Land at the Office365 Login Page; I put in my username email@example.com
2. Get redirected to sts.corp.com, and enter my credentials
3. Get redirected back to the Office365 resource.
As I said, this works just fine. However, I am "learning" that if I am on the local LAN, I should not have to go through all of that. I should be authenticated more seamlessly (i.e., not have to see both the Office365 login screen and the STS login screen). Is this true?