Greetings,
I've been trying figure out how to implement ADFS to Office 365 in MS cloud in our environment, with little luck. I have a working 2012 domain and we are already using smart card logon on Windows 7/8 workstations. Certificates on smart cards are issued by 3rd party CA. This far every thing is fine and working, necessary root certificates are added to trusted Trusted Root Certification Authorities, UPN suffixes and users' UPNs are set according to UPN on the certificates and users successfully log on to workstations with smart cards.
Now I face the requirement to enable SSOto Office 365 with accounts from our AD. I've been told by our MS partner and Dr. Google that in order to do that user account name (upn) in AD and in O365 need to match. Now the fact that account UPN in our AD is not usable in O365 (because it is set to match 3rd party certificate UPN) and I have not found a way to enable smart card log on without changing UPN in AD.
Does anyone has experience of such a configuration? Is it possible to use AD federation to O365 at all in our case?
Best regards, and thanks in advance
Timo