Password Sync VS ADFS

| Access Method | ADFS | DirSync w/ Password | Verdict |
| --- | --- | --- | --- |
| Outlook 2010/2013 | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Draw, both have the same experience |
| ActiveSync, POP, IMAP | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Draw, both have the same experience |
| MS Online Portal, SharePoint Online, Office Web Apps | Internal: Pop up offers click to sign in with no credentials required (External Forms Based Prompted) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them | Better experience for ADFS while internal to company network, draw when external |
| OWA | Internal: Seamless (External Forms Based Prompted) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them | Better experience for ADFS while internal to company network, draw when external |
| Lync 2010/2013 | Seamless (with Sign on Assistance installed for Lync 2010) | Prompted for credentials on first connection (and at each password change) with checkbox to remember them. | Better experience for ADFS |

SSO Using ADFS

| Pros | Cons |
| --- | --- |
| True SSO with minimum credential prompts | Additional infrastructure needed to deploy FS and Proxy FS |
| Better security than when using DirSync’s Password Sync | Added point of failure (even if multiple FS servers are deployed, this option brings in more dependencies for the setup to work) |
| | Additional cost involved with this setup |
| | SSL certificate from a public CA is needed and needs to be renewed on a periodic basis (cost/administrative work involved) |
| | More time/effort involved in setting up |

DirSync with Password Sync

Pros and cons above reversed 🙂

In addition, based on my experience, DirSync with Password Synchronization lets your users log on to Windows Azure Active Directory with the same password they use to log on to your on-premises Active Directory. The users’ accounts and passwords are authenticated by Office 365, whereas for SSO with ADFS the credentials are authenticated by the on-premises ADFS server.
