requirement for ADFS for rich coexistence in Office 365

BrianB posted this 15 February 2018

All: Fairly quick question. Is ADFS still a requirement for rich features or rich coexistence with Office 365 if we are federating and using on-prem authentication, or can PING Federate now provide the EXACT SAME features and rich existence?

As I remember, Office 365, in its infancy, required ADFS for certain features that Shibboleth or Ping SSO could not provide. Given that so much has changed, I want to ask real-world experts that have been down this road already or who are just in-the-know.

Brian Britt

BrianB posted this 4 weeks ago

Just wanted to send this out once more to get feedback. If you are familiar with this topic, I covet your feedback.

I have a meeting with my counterparts in our sister organization this Friday to discuss the continuance of using ADFS over PING Federate for SSO to Office 365.


Brian Britt



kool posted this 4 weeks ago

Hi Brian,


You probably already know this but ADFS is not necessary at all if you sync passwords to AAD. If you don’t sync passwords to AAD then you’d need to have a web SSO IdP such as ADFS (WS-* protocol to AAD) or Shibboleth



As I understand it, the most prominent feature of ADFS now is its device join and MDM capabilities. I have no idea if Ping Federate offers MDM capabilities.


ADFS does have the ability to use multiple federated IdPs. I’ve imported the InCommon federation metadata into our test ADFS and see all of the InCommon IdPs listed. However, we don’t use that feature in production.

The WS-Federation notion of federation is backwards from that employed by SAMLP and not very user-friendly.


Federation to Office 365 doesn’t really apply since all users of your O365 tenant (including guests/external users) must have a corresponding AAD account in your tenant. MS has created rather elaborate mechanisms to provide external user access to AAD/O365 including B2B and B2C but those aren’t federation either.