There are a number of different ways to provide Single Sign-On (SSO) in a Microsoft Cloud environment. The two most popular are Active Directory Federation Services (ADFS) and Password Hash Sync, which is part of the Azure Active Directory Connect (AADConnect) tool.

ADFS with federated login provides true Single Sign-On (SSO) with Office 365, whereas AADConnect with Password Sync provides Same Sign-On, which means users will be prompted for credentials when accessing Office 365 even in domain-joined scenarios. ADFS also allows for better access control. The users' accounts and passwords are authenticated by the on-premises ADFS server.

With AADConnect with Password Hash Synchronization, you enable your users to log on to Windows Azure Active Directory with the same password they use to log on to your on-premises Active Directory. The users' accounts and passwords are authenticated by Office 365.

Please refer to the table below for a comparison of both solutions:

| # | ADFS | AADConnect with Password Hash Sync | Verdict |
|---|---|---|---|
| Outlook 2010/2013 | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Draw, both have the same experience |
| ActiveSync, POP, IMAP | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Draw, both have the same experience |
| MS Online Portal, SharePoint Online, Office Web Apps | Internal: Pop-up offers click to sign in with no credentials required (External: forms-based, prompted) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them | Better experience for ADFS while internal to company network, draw when external |
| OWA | Internal: Seamless (External: forms-based, prompted) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them | Better experience for ADFS while internal to company network, draw when external |
| Lync 2010/2013 | Seamless (with Sign on Assistance installed for Lync 2010) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Better experience for ADFS |
| O365 login page customization | Customize the login page: company name, logo, hints on what to type in, etc. | No customization | Better experience for ADFS |
| Client Access Filtering | Restricts access to Exchange Online to users based on their IP address. Customers frequently use this control to limit hourly workers to only checking mail while onsite | NA | Better experience for ADFS |
| Additional infrastructure needed to deploy | Yes, 5 servers (1 AADConnect + 2 Web Application Proxy HA Farm + 2 ADFS HA Farm) and SSL certificate from a public CA | Yes, 1 server (AADConnect) | Less administrative overhead plus less cost with AADConnect with Password Hash Sync |
| Availability and Business Continuity | Access to cloud resources relies heavily on authentication to the local ADFS infrastructure. If the ADFS infrastructure or corporate Internet is down, it will impact productivity and business | Productivity and business can continue. | Better user experience for AADConnect with Password Hash Sync |