Single-Sign-On for Office 365 mailboxes authenticated through on-prem ADFS server

This article applies to the following products:

  • Messageware ActiveSend O365
  • Messageware OWA Desktop O365

 


SUMMARY

This article provides the information required to configure Single-Sign-On for Office 365 mailboxes authenticated through an on-prem ADFS server.


CONFIGURATION

To enable Single-Sign-On, check the following:

  1. In the Internet Explorer settings, the ADFS server URL must be added to the Local Intranet zone.
    • To confirm that this configuration is correct, log on to Office 365. If no password is required, the configuration will work for both Messageware ActiveSend and Messageware OWA Desktop as well.
  2. The following Deployment file flags should be configured, depending on the scenario:
    • If users log on to the computer using a domain account associated with a mailbox, and authentication occurs on-prem (e.g. ADFS in a Hybrid environment), enable e-mail address and username auto-populate by setting the following flags to true:

      <emailAddress>

              <autoPopulate>true</autoPopulate>

      <userName>

              <autoPopulate>true</autoPopulate>

  • Moreover, the administrator must choose the format of the auto-populated username field so that it matches the format expected by the logon provider:

<!--autoPopulateUserLogonFormat values:= DownLevel | Upn -->

<autoPopulateUserLogonFormat>DownLevel</autoPopulateUserLogonFormat>

 

  • DownLevel - domain\username (for example messageware.com\John) – this format is typically used for on-prem authentication
  • Upn - username@domain (for example John@messageware.com) – this format can be used for on-prem and/or O365 authentication
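
One way to check step 1 from the registry instead of through the Internet Options dialog (an added example, not Messageware's own code). It assumes the standard Internet Explorer zone-mapping registry locations; `adfs.example.com` is a placeholder for your ADFS server name.

```powershell
# Added example, not Messageware code. 'adfs.example.com' is a placeholder host name.
param([string]$AdfsHost = 'adfs.example.com')

$bases = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings',
         'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
$rows = @()

foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($base in $bases) {
        # Per-site entries: ZoneMap\Domains\<domain>[\<subdomain>], one DWORD per scheme = zone number.
        $domains = "$hive\$base\ZoneMap\Domains"
        if (Test-Path $domains) {
            foreach ($key in Get-ChildItem $domains -Recurse) {
                # Rebuild the host name: subkey "adfs" under "example.com" becomes adfs.example.com.
                $parts = ($key.Name -split '\\Domains\\', 2)[1].Split('\')
                [array]::Reverse($parts)
                $site = $parts -join '.'
                # Keep the exact host, plus parent-domain entries so they can be reviewed.
                if ($AdfsHost -ne $site -and $AdfsHost -notlike "*.$site") { continue }
                foreach ($scheme in $key.GetValueNames()) {
                    $rows += [pscustomobject]@{ Source = $domains; Entry = "${scheme}://$site"; Zone = [int]$key.GetValue($scheme) }
                }
            }
        }
        # Group Policy "Site to Zone Assignment List": value name = site pattern, data = zone number.
        $list = "$hive\$base\ZoneMapKey"
        if (Test-Path $list) {
            $key = Get-Item $list
            foreach ($name in $key.GetValueNames()) {
                $pattern = $name -replace '^[a-z*]+://', ''   # drop the scheme, keep host or wildcard
                if ($AdfsHost -like $pattern) {
                    $rows += [pscustomobject]@{ Source = $list; Entry = $name; Zone = [int]$key.GetValue($name) }
                }
            }
        }
    }
}

if (-not $rows) { Write-Warning "No zone mapping found for $AdfsHost in the checked registry locations." }
$rows | Select-Object Source, Entry, Zone, @{ n = 'ZoneName'; e = { $zoneNames[$_.Zone] } } | Format-Table -AutoSize
```

Zone 1 is Local Intranet. A wildcard entry in the output places every matching host in that zone, not only the ADFS server, so prefer an entry for the exact ADFS host name.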