zejburton

asked on

Bypassing SSO with Office365 for email only users.

Hi, running ADFS 2.0 with DirSync with SSO (to only the @xxx.com domain).

This company also uses a lot of contractors who only need email - and no domain authentication.
Unfortunately - anything going to the @xxx.com domain goes through SSO and needs a domain login - however they wish for them not to have domain access.

Is there a possible way to bypass SSO so I can create these users without giving them access to the domain (i.e. a login to the domain) so they can be email only?

Cheers
Adam Brown

Yes. You can create mailboxes that use your .onmicrosoft.com domain. If you create a new mailbox, you can select the email domain that is applied to it in O365. (Create the mailbox in O365, not in AD.) When given the option, select company.onmicrosoft.com as the domain and that mailbox will not use ADFS for logon. This will be their reply-to email, and they won't be able to use your federated domain name for their login, but you may be able to reassign your @company.com email address as the reply address for those mailboxes.
zejburton

ASKER

Hey acBrown, that's what I ultimately ended up recommending to the customer in this instance anyway as my original idea. I have just added the SMTP alias as a xxx.com and set it as reply through PowerShell.

It would be cool to see if there is a workaround for this though - as I'm sure the helpdesk guys will probably be getting calls when they're getting asked for logins. Oh well! Security innit.

Thanks
ASKER CERTIFIED SOLUTION
Adam Brown
This solution is only available to members.
Yep exactly.

Just going to write a flashy new user script for this :>

Thanks!
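
The approach discussed in this thread, sketched as a new-user script. This is an added example, not code posted by either participant. It assumes an open Exchange Online PowerShell session plus the MSOnline module of that era (`Connect-MsolService`), and `company.onmicrosoft.com` / `company.com` are placeholders for the tenant and federated domains.

```powershell
# Added example (not from the thread): cloud-only, email-only contractor mailbox.
# Assumes an Exchange Online session and Connect-MsolService have already been run.
param(
    [Parameter(Mandatory)] [string] $Alias,        # e.g. jsmith (constructed sample value)
    [Parameter(Mandatory)] [string] $DisplayName,
    [string] $CloudDomain     = 'company.onmicrosoft.com',  # placeholder: tenant domain
    [string] $FederatedDomain = 'company.com'               # placeholder: ADFS-federated domain
)

$ErrorActionPreference = 'Stop'

# The logon domain must be cloud-authenticated. If it reports Federated, sign-in
# is redirected to ADFS and the user would need an on-premises AD account after all.
$auth = (Get-MsolDomain -DomainName $CloudDomain).Authentication
if ($auth -ne 'Managed') {
    throw "$CloudDomain reports authentication '$auth'; expected 'Managed'."
}

$upn   = "${Alias}@${CloudDomain}"      # what the contractor signs in with
$reply = "${Alias}@${FederatedDomain}"  # what recipients see and reply to

$password = Read-Host -AsSecureString -Prompt "Initial password for $upn"

# Create the mailbox in Office 365 itself, not in AD, so no domain account exists.
# The resulting user still needs an Exchange Online license assigned.
New-Mailbox -Name $DisplayName -DisplayName $DisplayName -Alias $Alias `
    -MicrosoftOnlineServicesID $upn -Password $password `
    -ResetPasswordOnNextLogon $true | Out-Null

# Uppercase "SMTP:" marks the primary (reply) address; lowercase "smtp:" keeps the
# onmicrosoft.com address as a secondary proxy address on the same mailbox.
# If the mailbox is not yet visible, wait for provisioning and rerun this step.
Set-Mailbox -Identity $upn -EmailAddresses "SMTP:$reply", "smtp:$upn"

# Confirm: UPN stays on the managed domain, primary SMTP is on the company domain.
Get-Mailbox -Identity $upn |
    Select-Object UserPrincipalName, PrimarySmtpAddress, EmailAddresses
```

Because these accounts never authenticate against ADFS, their password policy and lockout behaviour come from the cloud tenant rather than from AD group policy.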