"So if you need AD FS for single sign-on, how was the process?" This will be a poor technical explanation, but hopefully helpful:
We use SSO for our expense reporting, and how it works for us is we have an IIS server that handles the SSO function via certificate with us and our vendor. The cert sits on our IIS server and the corresponding cert sits in the "target" environment. The IIS server is in our "trusted sites" zone which allows the domain credentials to get passed to the IIS server. The target side trusts our IIS server (trust is misleading here because it's the cert that allows access not a domain trust, but I digress..). The user experience is they go to our SSO website and they have a dropdown of what SSO site to connect to click connect and away they go, no prompting for credentials. Dave From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Wednesday, June 27, 2012 7:28 AM To: NT System Admin Issues Subject: Office 365 and AD synchronization Getting ready to migrate a small office environment to office 365. Domain is 2008 R2, only 10 users. I'm reading through all the documentation and specifically looking at the requirement for a separate machine to host the Directory Synchronization tool. Anyone here do this yet with a small office? Just curious as to the load on the box. I'm going to create a VM for this but see that the minimum requirements are 4G RAM and 70G of disk space. That seems high to me for something like this in a very small environment. Curious to hear what others have seen after doing this in a similar environment. Also just starting to read about single sign-on. So using the AD Sync tool doesn't give you single-sign on? It just gets your users and groups up to Office 365? For what purpose, if the credentials are synched? That's what I don't understand yet, but I'm not done reading yet, so maybe that will come. So if you need AD FS for single sign-on, how was the process? Thanks, Christopher Bodnar Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture and Engineering Services Tel 610-807-6459 3900 Burgess Place, Bethlehem, PA 18017 christopher_bod...@glic.com<mailto:> [cid:image001.jpg@01CD5439.938EA2C0] The Guardian Life Insurance Company of America www.guardianlife.com<http://www.guardianlife.com/> ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
<<inline: image001.jpg>>
