I'm managing IT for a small non-profit and we're transitioning to a new local domain that's Entra joined. This is in partnership with a larger organization, and we rely on their security features for cyber compliance. My users log in using ad.myorg.com, but we utilize free O365 accounts with the larger organization (largeorg.com). Unfortunately, I have no admin access to largeorg.com. Normally, things run smoothly, but I'm finding that users occasionally struggle to log in correctly—especially with the new domain. They often have to sign out and back in to use their largeorg.com credentials. I'd love to hear if anyone else has navigated a setup like this or if there's a better method I might be missing. Thanks for any insights!
3 Answers
Have you considered requesting the parent org to give you some access through AAD Connect? That way, you'd have a single source of truth for your users and things like password writes could be managed better, although it means they'd still keep control over Entra.
It looks like Microsoft has a new solution in preview that could help with this! Have you checked it out? Here's a link: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-use-email-signin
If I set up a proxy address for [email protected], won't it still prioritize logging in with the ad.myorg.com account? I need them signed into O365 with largeorg.com and still have their local account for their workstations.
It sounds like the main issue stems from the UPNs not aligning between your AD and Entra. If they don’t match, that could cause those login problems.
The UPN suffixes are actually matching, but the O365 accounts are totally separate from what I manage.
They’ve offered to make us a tenant in their AD, but our director is adamant about keeping things separate, even though this could fix a lot of our issues!
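The UPN-alignment answer above is the kind of thing worth verifying rather than assuming. The script below is an added example, not code from anyone in this thread: it walks the on-prem AD users and reports whose UPN suffix is not in the set of domains the Entra tenant has verified, and whether each user's primary SMTP address (from proxyAddresses) matches the UPN, since a mismatch there is what makes the sign-in prompt pick the wrong identity. It assumes the RSAT ActiveDirectory module is installed; the $VerifiedDomains list is constructed for illustration, because the poster has no read access to the parent tenant's domain list.

```powershell
# Added example (not from the thread): find on-prem AD accounts whose UPN
# suffix is not a verified Entra domain, or whose primary SMTP address does
# not match the UPN. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Constructed for illustration: the UPN suffixes the Entra tenant has verified.
# With Graph read access you would fill this from:
#   (Get-MgDomain | Where-Object IsVerified).Id
$VerifiedDomains = @('ad.myorg.com', 'largeorg.com')

function Get-UpnAlignmentReport {
    param(
        [Parameter(Mandatory)] [string[]] $VerifiedDomains,
        [string] $SearchBase = (Get-ADDomain).DistinguishedName
    )

    $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
        -Properties UserPrincipalName, mail, proxyAddresses

    foreach ($u in $users) {
        $upn = $u.UserPrincipalName
        $suffix = if ($upn -and $upn.Contains('@')) { $upn.Split('@')[-1] } else { $null }

        # The primary SMTP address is the proxyAddresses entry prefixed with
        # upper-case 'SMTP:'; lower-case 'smtp:' entries are aliases.
        $primarySmtp = ($u.proxyAddresses |
            Where-Object { $_ -clike 'SMTP:*' } |
            Select-Object -First 1) -replace '^SMTP:', ''

        [pscustomobject]@{
            SamAccountName    = $u.SamAccountName
            UserPrincipalName = $upn
            UpnSuffixVerified = [bool]($suffix -and ($VerifiedDomains -contains $suffix))
            PrimarySmtp       = $primarySmtp
            MailMatchesUpn    = [bool]($primarySmtp -and $upn -and ($primarySmtp -ieq $upn))
        }
    }
}

# Usage: show only the accounts that will cause sign-in friction.
Get-UpnAlignmentReport -VerifiedDomains $VerifiedDomains |
    Where-Object { -not $_.UpnSuffixVerified -or -not $_.MailMatchesUpn } |
    Format-Table -AutoSize
```

Run it from a domain-joined workstation with RSAT as a user that can read the directory; no write access is needed. Any row with UpnSuffixVerified false means that account cannot match a cloud identity by UPN at all, and any row with MailMatchesUpn false is a candidate for the "signed in as the wrong account" behaviour described in the question.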