So I was tasked with implementing SSO for an upcoming move to Office 365. I am trying to find some solid uses for ADFS that make it worth the hassle. From my understanding, the big features are the ability to reset passwords externally, 2 factor auth, immediate access disabling, no passwords hashed outside your network, and true Single Sign-On for internal use.
Though Same Sign-On through Azure AD with Directory Sync doesn't seem to be that bad. 1 server, no redundancy required, no SSL cert, no public domain registration.
Internally, it might be a slightly better experience for users who log into O365 for webmail. For everything else (Outlook, external OWA), I don't see a big plus.
Does anyone have an opinion on what would still make it worth setting up ADFS in a highly available topology (2 ADFS servers, 2 proxies, 1 DirSync, geo-redundancy) as opposed to a simple Windows Azure AD with Directory Sync + Password Sync?