WSFED with multiple Office 365 Tenants
Guys, I have set up wsfed with 2 Office 365 tenants. However, I have a requirement to pass a different set of attributes in another tenant, but I can't figure out how. Is it possible? Noticed that creating 2 separate WS-Trust/Fed Service Providers won't help as it just goes to one. So one of my tenants was to remain GUID and MAIL as attr, but for another tenant I need to use a separate attr. Possible? Thanks
I don't think it is possible to have different attributes for different tenants, since this is only (let's say) one federation from NAM's point of view.
But maybe this can be solved a different way.
Do you have different users accessing different tenants (e.g. users A, B, C access tenant1 and users D, E, F access tenant2), or is it the same user that needs access to both tenants?
If those are different users, you can maybe use a virtual attribute in the attribute map and then calculate the virtual attribute value based on the user's properties?
If the same user needs access to both tenants, maybe you can federate tenant1 using WS-Fed and tenant2 using SAML. Then you can have different attribute sets. Please note that I haven't done that before, but it might be worth trying.
Of course, if you have servers to spare, you can set up an additional NAM IDP cluster, federate each IDP cluster with each tenant and then do SAML federations between IDPs (done that before NAM was able to federate to multiple tenants).