Forum Discussion
Joe_Carter_1529
Nimbostratus
NimbostratusOffice 365 iApp and Office Mobile
I've successfully implemented the BIG-IP Office 365 iApp to enable SSO for Office 365 in our organisation. However, I can't find out whether this supports SSO via the Office Mobile app. Can anyone clarify whether this is supported/possible?
Michael_Koyfma1Cirrus
Which Office Mobile are you talking about? Are you talking about the iOS app that allows you to create Office documents and read/write them to the cloud(OneDrive/SharePoint)?
Joe_Carter_1529Yes - the 'Office Mobile' app for both Android and iOS, which you can use with an Office 365 subscription. I can authenticate using local 'cloud' accounts, but can't with active directory accounts via the F5 (SSO).
- Michael_Koyfma1Hmm..this is quite interesting. I have the same app - and for some reason it DOES authenticate via federated account(well, the domain is federated, so there is no concept of the local cloud account, I'd say). The strangest thing is that while the authentication with my AD credentials happens, I do NOT see a connection/authentication attempt coming to APM - yet it works - so I am really puzzled. Unfortunately, there's no documentation about this one, but we will try to dig deeper and find out. Just out of curiousity, do you see any connection attempts coming to APM when you try to authenticate using your AD accounts? Also, what do you mean by local 'cloud' account in your context?
- Joe_Carter_1529
You can create accounts from within the Office 365 administrative interface, which use the 'tenantname.onmicrosoft.com' domain, and have a status of 'In cloud'. Any user synchronized from AD has a status of 'Synced with Active Directory'.
The only potential issue I can think of is that at present, our SSO is only available internally. However, given that the mobile device is connected to an internal wireless network, I wouldn't expect this to be an issue (it can authenticate via the SSO web interface with no problem).
I will check the APM logs later and report back.
- Michael_Koyfma1I realized why this works for me - my DirSync was setup to sync passwords - which explains why my password worked when I was doing the app setup. Need to check with Microsoft on whether this app supports Federation. Meanwhile, I will uncheck the Password Sync and see if I can get some federation attempts to work...
Gavin_Connell-OHi guys,
We're dealing with this issue now. We've deployed SAML 2.0 auth with APM v 11.4.1, and now we're stuck without Lync, OneDrive and the ability to do Office subscriptions.
Microsoft are telling us they are adding SAML support for this apps this year (2014), and I've heard the same thing about WS-* protocols being supported in F5 in a similar timeframe, but I'm really starting to need some better time-frames so I can plan out our implementation schedule.
I'm engaging our MS Account manager today, so if I get anything out of them I'll post it here.
http://technet.microsoft.com/en-us/library/jj679342.aspxBKMK_11
Cheers,
Gavin
- Joe_Carter_1529After working with MS for several weeks, they eventually confirmed that the thick clients (Office Mobile, OneDrive, etc), do not support SAML 2.0, and they couldn't say when they would. Similarly, F5 told me that they have no plans to support WS-* authentication. Like you I had to get mobile support working therefore I eventually had to implement an ADFS farm. You can still proxy/load-balance authentication to ADFS through the BIG-IP.
- Gavin_Connell-O
Thanks for that Joe, I'm hoping that we can hold out for the MS updates, but it's pretty difficult not knowing a timescale. This is the best info I've flund so far, but I'm hoping to get better info soon via back channels:
http://blogs.office.com/2014/03/06/announcing-support-for-saml-2-0-federation-with-office-365/.U_fsiAwpcmY.email
http://technet.microsoft.com/en-us/library/jj679342.aspxBKMK_11
I still may end up deploying ADFS as a filler for the 'thicker' clients...
Cheers,
Gavin