

Are you saying that your users are asked to re-enter their password each time they launch Outlook? Can you describe the behavior in more detail if possible?

Lync Client you will find that you do also have to type in the Username & Password during initial connect because this is an Active Client just like Outlook.

If you are using Office 2010 ensure that you have the SIA installed. Lync on the other hand will log in using a certificate and a new certificate will be requested using the stored credentials, and likewise if you update the UN/PW you will be asked to update these upon password change, also will happen in Outlook. If you are using Office 2013 then the SIA is not required as a built-in lightweight version is included in the installer.

You will find that during initial configuration it will prompt you for the credentials, as these then get sent to Exchange Online and then Exchange Online initiates the token request via the WAP/Proxy. If you do have those profiles, where the Outlook profile is re-created each time, then yes for sure you will be prompted to enter credentials each time you launch Outlook.

The reason you don't have the issue with Lync is because the authentication flow is different. Lync Online follows the following authentication flow when using AD FS:

1. First the user logs in to their machine/client
2. After they log in the sign in assistant kicks in
3. The sign in assistant already knows the UPN etc. of the user and goes directly to the Authentication Platform
4. The Authentication Platform returns the URL to the sign in assistant pointing to the ADFS server.
5. The sign in assistant then goes to the ADFS server and authenticates via Kerberos or NTLM and when it's authenticated, the ADFS server gives the user an SAML token including the claims: UPN and Source User ID (ImmutableID).
6. The sign in assistant takes the token to the Authentication Platform
7. The Authentication Platform verifies the token and converts it to an Auth token, which contains the UPN and now Unique ID from the Authentication Platform.

token can now be used for login. Note all above happens at logon and the users don't see it.

11. The client has one of those and sends it to Lync Online

Whereas Outlook/Active Sync does the following:

1. The user logs in and the sign in assistant kicks in as above and does the round-trip to get the Auth.

Outlook connects to Exchange Online and it will request Basic authentication

4. The user will get a prompt and here they need to type in their username with a UPN ex. they can save this, but they will get prompted the first time.
5. This will be sent off to Exchange Online
6. Now Exchange Online does a trick called “Proxy Auth” where it creates a shadow representation of the user.
7. It then takes the domain/UPN from the basic authentication and sends it to the Authentication Platform.
