Dude where's my PFE?

I was a Premier Field Engineer (PFE) for Microsoft.

Another (Cloud) Tip…Federated vs. Managed Users

By Evan Basalik

Office 365 authentication has the concept of two types of users – federated and managed.

Federated users are those whose authentication Office 365 hands off to an on-premises federation provider (ADFS, Ping, etc.), which in turn talks to an on-premises authentication directory (i.e., Active Directory or other directories) to validate the user's credentials. This authentication redirect is relatively transparent to the user, other than the fact that they might see their organization's federation sign-on page.

Managed users are cloud-only users; they exist only inside Windows Azure Active Directory. In this scenario, users log in via the Office 365 portal and provide credentials that are different from their on-premises credentials. Some customers in this scenario use Directory Synchronization (DirSync) to keep their users' properties in sync with their on-premises directory, but don't federate them.

Although managed users involve less complexity, they do bring the need to remember another set of credentials, except for the subset of customers who have adopted Password Synchronization. Those users leverage Password Synchronization to make sure the cloud and on-premises credentials are the same.

  • We have a Managed environment used only for the activation of Office 2011. Password Sync is unreliable, so how can we enable SSO, and if we did, would the Office 2011 clients honor that federation? We also have our own ADFS servers.
