As far as I currently know, syncing multiple O365 tenants with DirSync is only possible with multiple sync servers, where each sync server has an active filter for the OU, for example. Correct me if I'm wrong.
Now I'd like to use a single AD / ADFS with multiple OA so that each OA will be its own O365 tenant. But the central AD FS should be used for SSO.
The scenario looks a bit like this:
* Parent company provides www.theparentcompany.com for ADFS federation
* Subsidiary company A is an OU of the parent's AD
* Subsidiary company A owns www.imasubsidiary.com
* Users of company A want to log in by user@imasubsidiary.com but be federated by the ADFS behind theparentcompany.com
* Subsidiary company B is an OU of the parent's AD
* Subsidiary company B owns www.anotherdomain.com
* Users of company B want to log in by user@anotherdomain.com but be federated by the ADFS behind theparentcompany.com
Is there a way to do this with a single sync server with the current tools? At least from what I see (connectors in FIM2010), it looks like it could be possible in theory. But I couldn't find any documentation that validates this kind of scenario.
Can FIM2010 for DirSync be used to sync multiple connectors for multiple tenants, or is the configuration/flow special to the DirSync installation so that a new installation is needed?
Will the upcoming AAD Connect support this scenario?
Best regards,
Daniel