[Samba] Azure Sync

Georges Martin jrjsmrtn at gmail.com
Fri Jul 10 20:03:16 UTC 2020

> On 9 Jul 2020, at 19:26, Bernhard Dick via samba <samba at lists.samba.org> wrote:
> Hi,
>> On 02.07.2020 at 17:23, Martin Hauptmann via samba wrote:
>> Sorry if I didn't find the right manual.
>> I would like to set up a new Domain Controller and connect it to an existing Office 365 with Exchange in such a way that AD users of a certain group can log in without having to log in to Office365.
>> My questions:
>> Can I map the existing Office365-Accounts to the new Domain?
> One thing I would take a look at, also after I've read the recent answers, is the SAML interface for office365. I do not yet have a working environment using this but it seems promising. Here you'd need to set up your own IdP (for example using Shibboleth) and connect this with the office365 users. I'm not sure how seamlessly this works but I think that there should be an IdP being able to authenticate the users via Kerberos if they're already logged in on a workstation.
> Here is some documentation on the Microsoft side for using a SAML IdP: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp . A mapping of existing users seems possible.
> However, it seems that only adding someone to a group of allowed users is not enough, but you still need to create a user identity for everyone you want to use O365 there.

An alternative SAML IdP to Shibboleth is Moonshot (https://wiki.moonshot.ja.net/), *especially* if you want to integrate non-Web applications (SSH, Java applications, ...).

Disclaimer: I have not (yet) performed such a deployment. 
