Forum Discussion
hehe_01_161744
Nimbostratus
NimbostratusOffice 2016 Activation Prompt
Hello,
Our organisation implemented F5 APM as the IDP for O365, using the below guide:
Microsoft Office 365 SAML IdP (BIG-IP v11, v12, v13: APM) https://f5.com/solutions/deployment-guides/microsoft-office-365-saml-idp-big-ip-v11-apm
However, now users are getting an office activation prompt requesting to enter their email address to activate (which works successfully). Although, previously using ADFS this would not happen, as the Office 2016 client would auto sign in and activate without requiring any user interaction. We are using the Shared computer activation model for MS Office 2016.
From investigating the traffic flow, in our situation the MS Office client does not follow the redirection to the IDP URL during the activation process.
Has anyone else experienced this issue?
Thanks.
Yes, F5 does support activation of ProPlus, but not in the automated fashion. This is because Microsoft does not support this for domains that are SAML federated.
The behavior observed has nothing to do with federation per se - it has to do with Office software behavior which does not perform automatic activation when SAML federation is used.
The automatic activation on the client side apparently only works while using the old federation mechanism called WS-Fed.
There was a post about an iRule that could implement a WS-Fed federation. See: https://devcentral.f5.com/articles/big-ip-iruleslx-fakeadfs-ws-federation-saml11-24608
