This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ARS 7.2 and O365 account passwords

When creating an account in ActiveRoles and then creating that same account in the tenant, where is the password stored?  Is it also stored in the tenant?  If it is, what process updates that password if the synchronization service is not setup to sync passwords?


Right now if I create an account in ARS and then through the web-interface also create the account in the tenant, I can go to the O365 portal and login with that account and password.  If I'm using ADFS, is it the authority for password or is ARS?

  • Active Roles is not a password authority, for either on-prem or Azure accounts.

    The connected system is always the password authority, whether that be Active Directory, AD LDS (ADAM), or Azure.

    When Active Roles creates a User account in Azure, there is a temporary password which is passed during the account creation, as is required. If your Tenant is enabled for ADFS, then your Federated Domain immediately becomes the password authority and the temporary password never comes into play.

    Active Roles doesn't store or need the User's Federated password. The Azure Service Account which is specified uses its elevated access to retrieve and write User information.