Microsoft Online Single Sign On Oddity

I’ve been working with MS Online (BPOS) for quite some months, but it’s only now, with more and more customers looking into it for their environments, that we’re seeing the odd little questions etc. we didn’t anticipate.

This is one that came up today and, while it might be obvious to some of you, it probably won’t to others 🙂

BPOS provides users with a Single Sign On (SSO) client that logs them into the online services when they log into Windows, thus removing the need to enter credentials repeatedly. If you right-click the SSO icon in the system tray, it will launch you right into the app… unless it’s Outlook Web Access. When you try to run OWA, it requires you to enter your username and password each time; the reasoning behind it is a lack of pass-through authorization for increased security.

The upshot is… if you use Exchange Online but don’t have Outlook, you can’t use the Single Sign On to access your email. Maybe not the most common request, but I’ve already had it once so you never know 😛

  1. The issue is that OWA uses Forms Based Authentication which doesn’t support single sign on (even in an on premise environment). All BPOS services use SSL, so that is not the issue here.

  2. Hi There,
    We are new to BPOS. We are working on a BPOS project for a client who is (quite reasonably) insisting on using 2-factor Authentication (e.g. RSA SecurID) to prove the identity of the user before they can access their e-mail etc.

    I can find nothing on the BPOS site which suggests that it can support any more than plain old ‘static passwords’.

    Has anyone dealt with this requirement before? Do you know if BPOS supports the SAML (Web SSO) protocol? If so we have no problem – but I can find no reference to this or any other protocol that might help (RADIUS for instance.)

    Any experience in this area gratefully received.
    John Stewart

