Luca Bandinelli announces password sync with ADFS


by Dan Holme on 5/3/2015


Organizations implementing a hybrid environment have to choose where identities live and how they are synced. The options are cloud-only (identities live in Office 365), hybrid synced with DirSync or AAD Sync, and federated with ADFS (Active Directory Federation Services). ADFS has provided a richer feature set (which is being equalized little by little) and a seamless "single sign-on" experience. But if a customer has an outage of ADFS on-premises, users cannot log on to Office 365 at all, because Office 365 cannot contact the on-prem identity provider.

Today, Luca Bandinelli, Senior Program Manager at Microsoft, announced that passwords can now be synchronized to Office 365 even for ADFS customers. Until now, passwords were synced only as part of the second-listed option, DirSync (or AAD Sync). Now password sync is available to ADFS configurations as well.

This capability, called Password Sync Backup for Federated Sign-In, will allow tenancies to continue functioning when there is an outage of ADFS. After passwords have synced (one time), if ADFS goes down you can simply disable ADFS on the tenancy.

There will be a slightly different user experience: during the outage, users will be prompted to log in to Office 365, whereas when ADFS is running, single sign-on makes it transparent. Additionally, if users are accustomed to logging on with DOMAIN\username on-prem, the "temporary" logon will be with the user principal name (UPN), in the form username@domain.
