Another (Cloud) Tip…Federated vs. Managed Users
By Evan Basalik
Office 365 authentication has the concept of two types of users – federated and managed.
Federated users are those whose authentication requires Office 365 to communicate with an on-premises federation provider (ADFS, Ping, etc.), which then talks to an on-premises authentication directory (i.e., Active Directory or other directories) to validate the user’s credentials. This authentication redirect is relatively transparent to the user, other than the fact that they might see their organization’s federation sign-on page.
Managed users are cloud-only users who exist only inside Windows Azure Active Directory. In this scenario, users log in via the Office 365 portal and provide credentials that are different from their on-premises credentials. Some customers use Directory Synchronization (DirSync) to keep their on-premises users’ properties in sync with their on-premises directory, but don’t federate them.
Although managed users involve less complexity, they do bring the need to remember another set of credentials, except for the subset of customers who have adopted Password Synchronization. Those users leverage Password Synchronization to make sure the cloud and on-premises credentials are the same.
Comments
Anonymous
October 11, 2013
We have a Managed environment used only for the activation of Office 2011. Password Sync is unreliable, so how can we enable SSO, and if we did, would the Office 2011 clients honor that federation? We also have our own ADFS servers.
- Anonymous
July 08, 2016
Hi Matthew, In that case it would be a Synced Identity. It's managed on-prem but there's no Federation Trust between on-prem and Cloud. For more details check this article from Jaap Wesselius: https://www.simple-talk.com/cloud/software-as-a-service/cloud-identities-versus-federated-identities-in-office-365/
- Anonymous
Anonymous
July 03, 2015
Fast and clear post, but a question about examples:
I sync Active Directory users to Azure AD with password replication. Are the Azure AD accounts managed or federated?
- Anonymous
July 08, 2016
Hi Samir, In that case it would be a Synced Identity. It’s managed on-prem but there’s no Federation Trust between on-prem and Cloud. For more details check this article from Jaap Wesselius: https://www.simple-talk.com/cloud/software-as-a-service/cloud-identities-versus-federated-identities-in-office-365/
- Anonymous