Assuming a federated identity, the user will be redirected to the IdP login page: Next, the user enters his UPN and trigger the HRD process. The URL for the login page will look something like: If the user isn’t authenticated, he will be redirected to the Office 365 login page, even when using a federated identity. Let’s say the user opens a browser and tries to log in to an Office 365 resource such as OWA. Not only the process will be faster with fewer redirects, but because all required information is in the link, the user enjoys a seamless SSO experience. Smart links allow you to skip some of the steps by preconfiguring relevant parameters in the URL.
#SIGN IN TO MICROSOFT 365 SERIES#
The authentication process is a series of HTTP requests between the involved parties confirmed with a HTTP trace in your browser. To work around this, one can use “smart links” or “deep links.” The concept is pretty basic. At some point during the authentication process, the user must type in his UPN, press a button or do some other interactive task to trigger the HRD process, thus breaking the seamless experience. The service looks at the domain portion of the user’s UPN attribute, checks if a federated partner exists for the domain and redirects the request to the partner’s IdP site. HRD enables Microsoft’s identity platform to redirect the authentication to the correct federation partner. Smart links work through the Home Realm Discover (HRD) process. For example, a user from the Contoso organization needs to be authenticated by the Contoso IdP, a user from Fabrikam, by the Fabrikam IdP, and so on. If you’re using a third party option, it’s important the service knows where to redirect the request to. The authentication can be performed by the application itself or delegated to another party, the federated identity provider (IdP). As with any other web application, there are a number of methods for users to log in and verify their identity. Office 365 is a software-as-a-service (SaaS) offering that services millions of customers worldwide.
Understanding how smart links work requires additional knowledge of Office 365 authentication flows.
What are smart links and why do we need them? Today we’ll break down smart links and how they can improve the login process for Office 365 applications. Smart links are not a new feature, but information about smart links is hard to come by. Nevertheless, AD FS remains a viable, highly customizable option and offers a simple way to ensure seamless SSO for your users using smart links.
#SIGN IN TO MICROSOFT 365 PASSWORD#
With the introduction of password sync and now pass-through authentication, an argument can be made for replacing AD FS for some Office 365 customers. It gives you better control over the process, and the convenience of seamless single sign-on (SSO) for your users. Just a few years ago identity federation such as AD FS was the de facto standard for managing authentication in Office 365 for every large organization.
0 kommentar(er)
