Authentication setup with ADFS

Hello,

We are trying to restructure our Lync setup. The current setup is like:

Email: Office 365, no Hybrid

Authentication for O365: in-house ADFS/Proxy server

Lync: Hosted with some other company, along with Polycom Lync Phone

Authentication: is with their server only, not on in-house ADFS or with Office 365

We need to transfer authentication from hosted provider to our ADFS server, is it possible?

Also, when we request a new Lync account from the service provider, he creates an AD account, mailbox, and Lync account with his Co. ID and adds a forwarder to our O365 email IDs, with a login name with our domain name.

Is it possible to achieve:

User details he should get from Office 365; whoever is mailbox-enabled, a Lync account should get created for them, and for authentication it should go to our on-premise ADFS/Proxy servers?

Please suggest. We are not very expert on this, but we will try to explain it to our Lync service provider.

Regards,

Swapnil


July 28th, 2015 2:33am

I wouldn't think so, I think your best bet would be to discuss the capabilities you want with your hosting firm.  For authentication, setting up a resource forest config might be an option to avoid separate account credentials.  https://gallery.technet.microsoft.com/Lync-2013-Resource-Forest-9888da88
July 28th, 2015 4:35pm

Hi

For this to work you would have to create a forest AD trust between your AD and the hosting provider's AD where your Lync identity is stored. Then you would have to sync your on-premise AD users to the hosting provider's AD using FIM. This account on the hosting provider's AD would be disabled and act as a container to allow Lync to be enabled. Authentication would then come to your AD rather than the hosting provider's.

At the moment you have an identity on premise, in 365 and with your hosting provider for each user. Between your AD and 365 you have FIM and DirSync by the sounds of it, so you can use ADFS/SSO. But the hosting provider (HP) is a separate account and in this model you cannot use ADFS for auth.

If your HP can do AD sync, this would be disruptive to your users as identities would need to be deleted in the HP AD and then synchronised from your AD and enabled for Lync again.

All of this is subject to your HP actually offering this service, and you should contact them to find out if this is even possible with their setup.

thanks

July 28th, 2015 4:41pm

Thanks for all the replies, I will check with HP :)
July 30th, 2015 10:39am
