There are three types of identities supported through identity management in Office 365: Cloud IDs, Cloud IDs with directory synchronization, and Federated IDs. The identity approach you choose affects the user experience, administrative requirements, deployment considerations and the capabilities available in Office 365.
Cloud Identity
Built for small organizations that may not use Active Directory.
- No servers required on-premises
- No Single Sign-on
- No two factor authentication
- 2 sets of credentials to manage with differing password policies
- IDs mastered in the cloud
Cloud Identity with Directory Synchronization
Built for larger organizations with on-premises Active Directory.
- Users and groups mastered on-premises
- Enables co-existence scenarios
- No Single Sign-on
- No two factor authentication
- 2 sets of credentials to manage with differing password policies
- Single server deployment
Read more about directory synchronization
Federated Identity
Built for larger organizations that have on-premises Active Directory and require Single Sign-on.
Federated IDs (Federated Identity) is a more sophisticated approach for larger organizations. In companies with Federated Identity set up, users can sign in to Office 365 services using their Active Directory credentials. The corporate Active Directory authenticates the users, and stores and controls the password policy. With Federated Identity, credentials are authenticated on-premises.
- Single Sign-on with corporate credentials
- IDs mastered on-premises
- Password policy controlled on-premises
- Two factor authentication solutions possible
- Enables co-existence scenarios
- High availability server deployments required
Read more about Active Directory Federation Services (AD FS) 2.0
Source: Vijay Kumar