Microsoft Outage affected Federated Domains
-
@Dashrender said in Microsoft Outage affected Federated Domains:
the idea of ADFS definitely sounds cool - it would be awesome to not have to call the hospital when we hire a new employee, through ADFS our new employee just works
But you get that without ADFS as well.
-
So the way ADFS works (here) is that when a client attempts to access say, email, they hit microsoft, which forwards the request to our exchange server to confirm the user details, and then our server redirects the request back to microsoft to access email.
This is a long handshake. Just have autodiscover setup and configured that Microsoft is syncing our details from exchange, and allowing people to authenticate against what microsoft has for email is way "cleaner".
And way less of a headache (like the past 4 days)
-
@DustinB3403 said in Microsoft Outage affected Federated Domains:
So the way ADFS works (here) is that when a client attempts to access say, email, they hit microsoft, which forwards the request to our exchange server to confirm the user details, and then our server redirects the request back to microsoft to access email.
This is a long handshake. Just have autodiscover setup and configured that Microsoft is syncing our details from exchange, and allowing people to authenticate against what microsoft has for email is way "cleaner".
And way less of a headache (like the past 4 days)
apparently that is what AD sync is for. why are you using ADFS and not AD sync?
-
@DustinB3403 said in Microsoft Outage affected Federated Domains:
So the way ADFS works (here) is that when a client attempts to access say, email, they hit microsoft, which forwards the request to our exchange server to confirm the user details, and then our server redirects the request back to microsoft to access email.
This is a long handshake. Just have autodiscover setup and configured that Microsoft is syncing our details from exchange, and allowing people to authenticate against what microsoft has for email is way "cleaner".
And way less of a headache (like the past 4 days)
I suppose I see what you're saying AD sync can give you this. So what other features of ADFS is @coliver getting that AD sync doesn't provide?
-
@Dashrender said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
So the way ADFS works (here) is that when a client attempts to access say, email, they hit microsoft, which forwards the request to our exchange server to confirm the user details, and then our server redirects the request back to microsoft to access email.
This is a long handshake. Just have autodiscover setup and configured that Microsoft is syncing our details from exchange, and allowing people to authenticate against what microsoft has for email is way "cleaner".
And way less of a headache (like the past 4 days)
apparently that is what AD sync is for. why are you using ADFS and not AD sync?
I wasn't included in these conversations, I'm just the janitor looking to clean the mess.
-
@Dashrender said in Microsoft Outage affected Federated Domains:
@DustinB3403 said in Microsoft Outage affected Federated Domains:
So the way ADFS works (here) is that when a client attempts to access say, email, they hit microsoft, which forwards the request to our exchange server to confirm the user details, and then our server redirects the request back to microsoft to access email.
This is a long handshake. Just have autodiscover setup and configured that Microsoft is syncing our details from exchange, and allowing people to authenticate against what microsoft has for email is way "cleaner".
And way less of a headache (like the past 4 days)
I suppose I see what you're saying AD sync can give you this. So what other features of ADFS is @coliver getting that AD sync doesn't provide?
I honestly have no clue what features are included. I haven't done anything (besides the work over these past 4 days) to try and find what was broke.
I'm not an exchange guy.
