We have Office 365 hosted by an MSP. Included in this service is an ADFS server for SSO.
The SSO has never really worked properly, so I'm going to contact them about it. But before I do so, I just wanted to make sure that it isn't working as intended.
When I go to portal.office.com and type in my username+upn and click in the password field, I get redirected to another login screen (see image below, it's in Swedish, but you should get the gist).
After I authenticate on that screen I get into the portal.
If I log out and then in again I don't get that login screen, which is perfect. But if I close IE, open it again and go to portal.office.com again, the login prompt comes up.
Isn't the point of ADFS for it to automatically log me in using my AD credentials? In my world that login screen should never come up. In Skype for Business all I have to do is type my username+upn and I get logged in, for instance.
So my question is: Is what I explained above correct behaviour for a properly set up ADFS SSO, or is there something amiss in the configuration?
There is nothing in your explanation to suggest the ADFS is poorly configured.
And you're probably on the wrong forum, as you're an end user without access to the configuration itself... Regardless I'll try and give you an answer.
While you could use Windows Integrated Authentication, it might just be turned off on purpose.
Or a myriad of other reasons might be causing it.
No, it isn't.
The point of ADFS is to allow you to use those credentials.
Logging in automatically with browsers that support it is just a feature that can be added.
Also, after you put the site as trusted in your local intranet, you can go to Internet Properties, scroll clear down to the bottom, and make sure there is a check mark on "Enable Integrated Windows Authentication".
After doing some more research I found this TechNet article that got me onto the right track. I did not know that the ADFS endpoint needed to be in the trusted local-intranet site list. After adding this, the ADFS works flawlessly. Will make a GPO for this!
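
The client-side conditions named in the posts above (AD FS endpoint in the Local intranet zone, "Enable Integrated Windows Authentication" checked), as an added PowerShell check that is not part of the original thread. `adfs.example.com` is a placeholder because the thread does not name the AD FS host, and the script assumes the standard Internet Explorer registry locations.

```powershell
# Added example, not from the thread. adfs.example.com is a placeholder host name.
param([string]$AdfsHost = 'adfs.example.com')

$settings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy   = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    if (Test-Path -LiteralPath $Path) { (Get-Item -LiteralPath $Path).GetValue($Name) }
}

$zone = $null; $source = $null

# 1. "Site to Zone Assignment List" policy: value name = site, data = zone number.
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($site in "https://$AdfsHost", $AdfsHost) {
        $v = Get-RegValue "${hive}:\$policy\ZoneMapKey" $site
        if ($null -ne $v -and $null -eq $zone) { $zone = [int]$v; $source = "$hive policy" }
    }
}

# 2. Manual entry in Internet Options: ZoneMap\Domains\<domain>\<host label>,
#    value name = scheme. Assumes the host sits one label below the domain key.
if ($null -eq $zone) {
    $label, $domain = $AdfsHost -split '\.', 2
    $v = Get-RegValue "HKCU:\$settings\ZoneMap\Domains\$domain\$label" 'https'
    if ($null -ne $v) { $zone = [int]$v; $source = 'HKCU ZoneMap' }
}

# 3. "Enable Integrated Windows Authentication": only an explicit 0 turns it off.
$negotiate = Get-RegValue "HKCU:\$settings" 'EnableNegotiate'

# 4. Logon option of the Local intranet zone (zone 1, setting 1A00):
#    0 = automatic logon, 0x20000 = automatic logon only in the intranet zone,
#    0x10000 = prompt, 0x30000 = anonymous. A missing value means the default.
$logon = Get-RegValue "HKCU:\$settings\Zones\1" '1A00'

$iwa  = $negotiate -ne 0
$auto = ($null -eq $logon) -or ($logon -in 0, 0x20000)

[pscustomobject]@{
    AdfsHost          = $AdfsHost
    Zone              = $zone
    ZoneSource        = $source
    IwaEnabled        = $iwa
    IntranetAutoLogon = $auto
    SilentSsoExpected = ($zone -eq 1) -and $iwa -and $auto
}
```

The check matches the exact host only, not wildcard zone entries. When the assignment is rolled out by GPO, listing the single AD FS host rather than a whole domain keeps automatic credential submission limited to that endpoint.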