Symantec Access Management

  • 1.  Federation with Office 365

    Posted Jan 03, 2018 12:52 PM

    Hello, we have the following scenario: we are using CA Single Sign-On 12.52; Update: 01.07; Build: 2259; CR: 07, and we have set up federation with Office 365. What happens is that when a user changes their Active Directory password, they can no longer sign in to the mail client from their cell phone. Has this happened to anyone? What was the solution you found?



  • 2.  Re: Federation with Office 365

    Broadcom Employee
    Posted Jan 08, 2018 11:16 AM

    It is common for password changes to take some time to propagate throughout AD.  In the scenario given it sounds like the password change hasn't propagated to the mail server.  Does this problem clear after a few minutes or does the problem persist?



  • 3.  Re: Federation with Office 365

    Posted Jan 08, 2018 12:15 PM

    In our case the password never synchronizes with Microsoft Azure, and IWA is not configured in the SPS.

    The authentication scheme is through an authentication server connected to a Policy Server and an SPS.

     

    Regards.

    --

    Ariel Vitaliano

    Security Analyst

    Tucumán 744

    1049, Buenos Aires, Argentina

    T 541154411023

    ypf.com<http://www.ypf.com>

     




  • 4.  Re: Federation with Office 365

    Broadcom Employee
    Posted Jan 08, 2018 11:22 AM

    Does the login work from the user's desktop but not from mobile?



  • 5.  Re: Federation with Office 365

    Posted Jan 08, 2018 12:06 PM

    Yes, it only happens when you use a mobile.

    We have a domain policy for password expiry. In this case, the user connects to Office 365 and the federation does not work. It only works if you delete the profile and generate a new profile on your cellphone or mobile device.

    In our case IWA is not configured in the SPS. Is it necessary for it to be configured for password synchronization to work when you federate with a mobile?

     

    Regards.

     

     




  • 6.  Re: Federation with Office 365

    Posted Jan 08, 2018 12:23 PM

    Seems like you have implemented PASSIVE PROFILE, but not ACTIVE PROFILE for RICH CLIENT support.

    Could you confirm you have implemented PASSIVE PROFILE and ACTIVE PROFILE for O365? For PASSIVE PROFILE, the Partnership configuration alone is sufficient. ACTIVE PROFILE builds on top of PASSIVE PROFILE, and thus has additional configuration, like setting up STS on CA AG.

     

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/partnership-federation/single-sign-on-to-office-365

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/ca-sso-runbooks/microsoft-office-365

     

     



  • 7.  Re: Federation with Office 365

    Posted Jan 08, 2018 12:44 PM

    No, both profiles are active, Passive and Active.

    This federation works on a computer and on mobile devices, but the problem is when your domain password expires or changes. The mobile does not detect this change. This test is on a cellphone with Android.

     

    Regards.

     

     

     




  • 8.  Re: Federation with Office 365

    Posted Jan 08, 2018 01:03 PM

    "Mobile does not detect the expiration OR change"!!!

    Could this be a handset / email client account setting issue?

     

    For example, I have my Android handset configured to use O365 and I use both forms of email client (Outlook downloaded from the App Store and the Exchange email app shipped with my phone). Whenever I change my password, it does pick up after a short delay that the credentials in the email client on the mobile are no longer valid, and hence it stops syncing on mobile. I then have to manually go into the client and retype my account (new) password. After that it is BAU.

    Although my computer does prompt me 15 days in advance that my password is expiring, the mobile does not. If I do not change my password and it expires, the email client on my mobile stops working without any prior notification. Then, when I reset my password using the password reset portal, I have to update my computer as well by logging out and logging in. I also have to update the Outlook client on my laptop with my new password. I then go and manually update the email client account settings on my mobile. This is the behavior I have.

    Are you able to update your new password in the email client on your mobile using the email client's settings?