Layer7 Access Management

Expand all | Collapse all

Federation with Office 365

  • 1.  Federation with Office 365

    Posted 01-03-2018 12:52 PM

    Hello, we have the following scenario: We are using CA Single Sign-On 12.52; Update: 01.07; Build: 2259; CR: 07. and we have made the federation with Office 365. It is happening to us that when the user changes the Active Directory password he can not enter more from his cell phone to the mail client. Has this happened to anyone? What was the solution they found?



  • 2.  Re: Federation with Office 365

    Posted 01-08-2018 11:16 AM

    It is common for password changes to take some time to propagate throughout AD.  In the scenario given it sounds like the password change hasn't propagated to the mail server.  Does this problem clear after a few minutes or does the problem persist?



  • 3.  Re: Federation with Office 365

    Posted 01-08-2018 12:15 PM

    YPF-Privada

    In our case the password never synchronize with microsoft azure and the IWA is not configured in the SPS.

    The scheme of authentication is through authentication server connected to a Policy server and a SPS.

     

    Regards.

     

     

     

    --

    Ariel Vitaliano

    Analista de Seguridad

    Tucumán 744

    1049, Buenos Aires, Argentina

    T 541154411023

    ypf.com<http://www.ypf.com>

     

    --

    Antes de imprimir

    este e-mail

    piense bien si es

    necesario hacerlo.

    El medio ambiente

    es cosa de todos.

     

    De: Pete_Burant

    Enviado el: lunes, 08 de enero de 2018 01:18 p.m.

    Para: VITALIANO, ARIEL LUCAS

    Asunto: Re:  - Re: Federation with Office 365

     

    CA Communities <https://communities.ca.com/?et=watches.email.thread>

     

     

    Re: Federation with Office 365

     

    reply from Pete_Burant<https://communities.ca.com/people/Pete_Burant?et=watches.email.thread> in CA Single Sign-On - View the full discussion<https://communities.ca.com/message/242033894-re-federation-with-office-365?commentID=242033894&et=watches.email.thread#comment-242033894>



  • 4.  Re: Federation with Office 365

    Posted 01-08-2018 11:22 AM

    Is the login works from user's desktop but not from mobile ?



  • 5.  Re: Federation with Office 365

    Posted 01-08-2018 12:06 PM

    YPF-Privada

    Yes, only happen when you use a mobile.

    We have a domain policy for password expire. In this case, the user connect office 365 and the federation not work. Only works if you delete perfil and regenerates a new profile in your cellphone or mobile device.

    In our case IWA is not configured in the SPS. It is necesary that is configured to works the password sincronism when you federated with a mobile?

     

    Regards.

     

     

    --

    Ariel Vitaliano

    Analista de Seguridad

    Tucumán 744

    1049, Buenos Aires, Argentina

    T 541154411023

    ypf.com<http://www.ypf.com>

     

    --

    Antes de imprimir

    este e-mail

    piense bien si es

    necesario hacerlo.

    El medio ambiente

    es cosa de todos.

     

    De: Makesh.T

    Enviado el: lunes, 08 de enero de 2018 01:23 p.m.

    Para: VITALIANO, ARIEL LUCAS

    Asunto: Re:  - Re: Federation with Office 365

     

    CA Communities <https://communities.ca.com/?et=watches.email.thread>

     

     

    Re: Federation with Office 365

     

    reply from Makesh.T<https://communities.ca.com/people/Makesh.T?et=watches.email.thread> in CA Single Sign-On - View the full discussion<https://communities.ca.com/message/242033913-re-federation-with-office-365?commentID=242033913&et=watches.email.thread#comment-242033913>



  • 6.  Re: Federation with Office 365

    Posted 01-08-2018 12:23 PM

    Seems like you have implemented PASSIVE PROFILE, but not ACTIVE PROFILE for RICH CLIENT Support.

     

    Could you confirm you have implemented PASSIVE PROFILE and ACTIVE PROFILE for O365 ? For PASSIVE PROFILE only Partnership configuration is sufficient. ACTIVE PROFILE builds on top of PASSIVE PROFILE, thus has more additional configurations like setting up STS on CA AG.  

     

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/partnership-federation/single-sign-on-to-office-365

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/ca-sso-runbooks/microsoft-office-365

     

     



  • 7.  Re: Federation with Office 365

    Posted 01-08-2018 12:44 PM

    YPF-Privada

    Nom both profiles are actives, Passive and Active.

    This federation works in a computer and a mobile devices but the problem is when your password domain expire or change. The mobile not detect this change. This proof is in a cellphone with Android.

     

    Regards.

     

     

     

    --

    Ariel Vitaliano

    Analista de Seguridad

    Tucumán 744

    1049, Buenos Aires, Argentina

    T 541154411023

    ypf.com<http://www.ypf.com>

     

    --

    Antes de imprimir

    este e-mail

    piense bien si es

    necesario hacerlo.

    El medio ambiente

    es cosa de todos.

     

    De: HubertDennis

    Enviado el: lunes, 08 de enero de 2018 02:24 p.m.

    Para: VITALIANO, ARIEL LUCAS

    Asunto: Re:  - Re: Federation with Office 365

     

    CA Communities <https://communities.ca.com/?et=watches.email.thread>

     

     

    Re: Federation with Office 365

     

    reply from Hubert Dennis<https://communities.ca.com/people/HubertDennis?et=watches.email.thread> in CA Single Sign-On - View the full discussion<https://communities.ca.com/message/242033937-re-federation-with-office-365?commentID=242033937&et=watches.email.thread#comment-242033937>



  • 8.  Re: Federation with Office 365

    Posted 01-08-2018 01:03 PM

    "Mobile does not detect the expiration OR change"!!!

    Could this be a handset / email client account setting issue?

     

    For e.g. I have my Android Handset configured to use O365 and I use both forms of email client (outlook downloaded from App Store and exchange email app shipped with my phone). Whenever I change Password, it does pick up after a short delay that the credentials in the Email Client on the mobile is no longer valid. Hence stops syncing on mobile. I then have to manually go into the Client and retype my account (new) password. After that it is BAU.

     

    Although my computer does prompt me 15 days in advance that my password is expiring, but the mobile does not. If I did not change my password and it expires. The email client on my mobile stops working without any prior notification. Then when I reset my password using the password reset portal. I have to update my Computer as well by logging out and logging in. I have to also update my outlook client on my laptop with my new password. I then go and manually update the Email Client Account settings on my mobile. This is the behavior I have.

     

    Are you able to update your new password in the Email Client on your mobile using the Email Clients settings ?