Identities
Jump To: Support > KB > Office365? > Identities
Identities
Cloud Identity
- Separate credential from on-premises credential
- Authorisation occurs via cloud directory service
- Password policy is stored in Office 365
- Does not require on-premises server deployment
Federated Identity
- Same credential as on-premises credential
- Authentication occurs via on-premises directory service
- Password policy is stored on-premises
- Allows use of Access Control Policies
- Requires on-premises DirSync server
- Requires on-premises ADFS server
Sign-On experience
From: https://technet.microsoft.com/en-GB/library/office-365-user-account-management.aspx
Cloud Identity | Federated Identity | |
Microsoft Outlook 2007/2010/2013 | Sign in each session | Sign in each session |
Outlook for Mac | Sign in each session | Sign in each session |
Exchange ActiveSync | Sign in each session | Sign in each session |
POP,IMAP,Microsoft Outlook for Mac 2011 | Sign in each session | Sign in each session |
Office 2010 using SharePoint Online | Sign in each session | Sign in each session |
Office 365 Portal / Outlook Web App / SharePoint Online / Office Web Apps | Sign in each session | Sign in each session (username only) |
Skype for Business Online | Sign in each session | No prompt |
Some users wish to get Outlook 2013 to automatically single sign onto Office365 using Federated Identify. Unfortunately, this is not possible, by design:
https://support.microsoft.com/en-gb/kb/2535227 states “The experience for logging on to Microsoft Outlook connections is also not expected to be a single sign-on experience.”
Even so, it is generally worth avoiding SSO. James Marshall, an Office365 specialist at Microsoft UK, says “Deploying Office 365 Education? You don’t need single sign-on, and here’s why!”: http://www.jamesbmarshall.com/2013/10/you-dont-need-sso/