
I have the following setup

  • I had a usual Managed domain
  • I added Office365 users through Office365 admin console (including their emails and passwords).
  • I checked that I can configure my iOS Native mail to get emails (by using an email + password)
  • I federated domain to some home grown IdP (I didn't set up DirSync).
  • I checked that if I access Office365 (portal.office.com) then it does SSO (as expected)
  • I checked that if I configure my iOS Native mail then it still accepts email + password.

And now the twist.

After about a day, iOS Native mail stopped receiving emails. If I try to delete an account and add it back then it complains that it's unable to verify the user.

So, it looks like passwords work for 1 day and then go away.

Do you know whether this is normal behavior or a bug? Do I need DirSync to allow passwords to continue working after federation for clients which don't support SSO/SAML?

Victor Ronin
  • What's the home grown IdP? Have you checked the [Azure AD federation compatibility list](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-federation-compatibility#pingfederate-611)? – Andy Liu - MSFT Mar 10 '17 at 05:12
  • The home grown IdP is an identity provider which we implemented and which knows how to talk WS-Fed/SAML. I just checked this list; it has high level information. However, it doesn't cover the subject of password based access (for applications which only know how to use a password) to federated domains. – Victor Ronin Mar 10 '17 at 15:39
  • You can use the [Microsoft Connectivity Analyzer Tool](https://testconnectivity.microsoft.com/?tabid=Client) for testing the configurations. Please see the article [Use a SAML 2.0 identity provider to implement single sign-on](https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx) for more details. – Andy Liu - MSFT Mar 13 '17 at 07:41

0 Answers