zejburton
asked on
Bypassing SSO with Office365 for email only users.
Hi, running ADFS 2.0 with DirSync with SSO (to only the @xxx.com domain).
This company also uses a lot of contractors who only need email - and no domain authentication.
Unfortunately - anything going to the @xxx.com domain goes through SSO and needs a domain login - however they wish for them not to have domain access.
Is there a possible way to bypass SSO so I can create these users without giving them access to the domain (i.e. a login to the domain) so they can be email only?
Cheers
Yes. You can create mailboxes that use your .onmicrosoft.com domain. If you create a new mailbox, you can select the email domain that is applied to it in O365. (Create the mailbox in O365, not in AD.) When given the option, select company.onmicrosoft.com as the domain and that mailbox will not use ADFS for logon. This will be their reply-to email, and they won't be able to use your federated domain name for their login, but you may be able to reassign your @company.com email address as the reply address for those mailboxes.
ASKER
Hey acBrown, that's what I ultimately ended up recommending to the customer in this instance anyway as my original idea. I have just added the SMTP alias as a xxx.com and set it as reply through PowerShell.
It would be cool to see if there is a workaround for this though - as I'm sure the helpdesk guys will probably be getting calls when they're getting asked for logins. Oh well! Security innit.
Thanks
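The approach from the answer and the asker's reply (cloud-only mailbox that signs in on the .onmicrosoft.com domain, with the xxx.com address set as the reply address), as an added example that is not code from either poster. It assumes an already connected Exchange Online PowerShell session; `New-EmailOnlyMailbox` is a hypothetical helper name and both domains are the placeholders used in the thread.

```powershell
# Added example: assumes an existing Exchange Online PowerShell session.
# New-EmailOnlyMailbox is a hypothetical helper; the domains are placeholders.
function New-EmailOnlyMailbox {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Alias,
        [Parameter(Mandatory)] [securestring] $Password,
        [string] $CloudDomain = 'company.onmicrosoft.com',  # managed (non-federated) sign-in domain
        [string] $ReplyDomain = 'xxx.com'                   # federated domain, used for mail only
    )

    # Guard: the sign-in name must stay on the .onmicrosoft.com domain,
    # otherwise the logon is redirected to ADFS and needs an AD account.
    if ($CloudDomain -notlike '*.onmicrosoft.com') {
        throw "Sign-in domain '$CloudDomain' is not an .onmicrosoft.com domain."
    }

    $signIn = "$Alias@$CloudDomain"
    $reply  = "$Alias@$ReplyDomain"

    # Refuse to reuse an address that already belongs to another recipient.
    if (Get-Recipient -Identity $reply -ErrorAction SilentlyContinue) {
        throw "Address $reply is already in use."
    }

    if ($PSCmdlet.ShouldProcess($signIn, 'Create cloud-only mailbox')) {
        # Created in O365, not in AD, so DirSync never sees this account.
        New-Mailbox -Name $DisplayName -DisplayName $DisplayName -Alias $Alias `
            -MicrosoftOnlineServicesID $signIn -Password $Password | Out-Null

        # Upper-case SMTP: marks the primary (reply) address; lower-case smtp: is an alias.
        Set-Mailbox -Identity $signIn -EmailAddresses "SMTP:$reply", "smtp:$signIn"

        # IsDirSynced should be False and the UPN should end in .onmicrosoft.com.
        Get-Mailbox -Identity $signIn |
            Select-Object DisplayName, UserPrincipalName, PrimarySmtpAddress, IsDirSynced
    }
}
```

Run it with `-WhatIf` first to confirm the sign-in name before anything is created; the new account still needs an Exchange Online licence assigned.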
ASKER CERTIFIED SOLUTION
ASKER
Yep exactly.
Just going to write a flashy new user script for this :>
Thanks!