
Office 365 Sign In Redirecting to GoDaddy SSO

There have been a few changes in our environment recently. Now when going to the Office 365 login page, when we click to sign in it redirects us to the GoDaddy SSO home page and then will not accept the ADFS credentials to log in. We use GoDaddy for external DNS. The recent changes have been:

  • Autodiscover pointing to outlook.office365.com instead of on premises

  • ADFS proxy changed to use WAP servers instead of using the Netscaler for proxy

  • Azure MFA enabled on ADFS

  • POP and IMAP disabled for all user mailboxes

We simply want to be able to sign into the Office 365 portal like everyone else does.

Any assistance would be great.

Thanks

This is not a DNS problem. It has more to do with federation. When you try to log on to the Office 365 portal, it would require you to provide your username and password and any MFA prompt if already set up. The O365 system will check the UPN suffix of your username and redirect you to the https://login.microsoftonline.com/common endpoint, which will further try to find out about your domain. It will check whether the domain's authentication is managed or federated. In case of managed, it means the system is federated with the Microsoft federation system and the authentication is managed in the cloud. If it is federated, it can be federated to your own federation service like on-premise ADFS, OKTA, auth0 etc., or it can be federated with any O365 syndicate network (O365 through GoDaddy, Dell etc.).

In your case, if you are getting redirected to GoDaddy SSO, then it seems you are using the Office 365 mail plans by GoDaddy. It is not possible to federate to this system, and you will have to buy a license directly from Microsoft and migrate your federation setup completely to Microsoft Office 365 in order to get that kind of control, because GoDaddy does not allow you to go to the Office 365 management portal, and they provide their own O365 management portal which does not allow multiple management operations.

If you want to federate it with your on-premise ADFS, you would need to move the users and the email domain to a new Microsoft O365 tenant. You can then federate your domain with your ADFS environment. You will need to buy Office 365 directly through Microsoft or via any CSP, and in this case it will provide you complete control of the O365 tenant instance, unlike GoDaddy. The GoDaddy Office 365 offering was not designed with on-premise federation in mind. It was mainly designed for small businesses who just required email-on-the-go along with a domain name and some features of Office 365. I am not an expert on this, but this is what I understand of it from the experience I have had in the past going through a few of these scenarios.

You need to create a new tenant and buy the same Office 365 licenses directly from Microsoft. You would need to create all your users in your new tenant. Have the users export their mailboxes and create PST files. You can use third-party O365 migration tools or do it manually. This method will require some downtime, but with careful planning you can minimize it.

Use this Office 365 article to export PST of user mailboxes.

When you buy Office 365 through GoDaddy, the GoDaddy system creates a tenant which is named something like NETORGxxxxx.onmicrosoft.com, where xxxxxx denotes an alphanumeric serial number. Your email domain which you bought with GoDaddy will be associated with this tenant. You will need to move this domain to another new tenant in order to use it with your on-prem ADFS. You can call GoDaddy support to dissociate your domain from the GoDaddy tenant and they can do it for you. But if you want to do it yourself without calling them, you can follow the steps below. In this case you will need to find the admin user for your GoDaddy tenant.

  • Have the user who set up the GoDaddy Office 365 system the first time log on to the Azure portal, https://portal.azure.com.

  • Once you log on to the Azure portal, you must be able to find the Azure Active Directory blade.

  • Click on it and open Azure Active Directory >> Users >>

  • Try to find the admin user here. The account should look something like admin@NETORGxxxxxx.onmicrosoft.com.

  • Please reset the password for this account, admin@NETORGxxxxxx.onmicrosoft.com.

  • This is the account which we will use to convert our GoDaddy email domain to managed authentication from GoDaddy SSO.

  • Alternatively, you can promote another account to the Global Admin role, but I have not tested in the past whether that will work or not.

  • Now please install the PowerShell module MSOnline on your system, or the AzureAD PowerShell module. Please see the linked article for the same. Also, the PowerShell cmdlets can sometimes take longer depending upon the number of users in your tenant and other factors, so give them enough time.

  • After this, log on to the Office 365 instance with the following cmdlets.
    Connect-MsolService
    Connect-ExchangeOnline

  • Now you need to enable organization customization.
    Enable-OrganizationCustomization

  • After this, use the admin user account for which you reset the password and run the cmdlet below for that user.
    New-ManagementRoleAssignment -Role "ApplicationImpersonation" -User "admin@NETORGxxxxxx.onmicrosoft.com"

  • You can now check the domain name for which we want to change the authentication method.
    Get-MsolDomain

  • The above command will list all the domains associated with your tenant. In the case of GoDaddy it should be the one which appears as federated.

  • Now we will run the following command to remove the federation.
    Set-MsolDomainAuthentication -DomainName "<your org domain name>" -Authentication Managed

  • To check whether it has been completed, you can run Get-MsolDomain again and check the status of the domain. It should be managed.

  • Now you can remove the domain from here and take it to another tenant without a problem.

Once this is done, by this time you must already have your users created on the new domain, and you may need to import the mailboxes of the users to your new tenant. You can use this one for importing the PST files to users' mailboxes.

Once done, you can federate the Office 365 domain from your on-premise ADFS server as you had done before and it would work without an issue. I understand it is not a simple process, but the GoDaddy Office 365 offering does not allow federation with any system other than GoDaddy SSO. So if you would like to change it to your on-premise ADFS system, you may need to move to a new tenant completely. It is a cumbersome process, but many small businesses who are on a growth path and would like to have more control do migrate out of GoDaddy as their business grows and their needs change.
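The check, convert and verify steps from the answer above, collected into one guarded script. This is an added example, not part of the original answer; the backup file path, the typed confirmation and the ten-minute polling window are assumptions, and it uses only MSOnline cmdlets (Connect-MsolService, Get-MsolDomain, Get-MsolDomainFederationSettings, Set-MsolDomainAuthentication).

```powershell
#Requires -Modules MSOnline
# Added example: guarded Federated -> Managed conversion for one domain.
param(
    # Placeholder: the custom domain attached to the NETORGxxxxxx tenant.
    [Parameter(Mandatory)] [string] $DomainName,
    # Assumed location for a copy of the current federation settings.
    [string] $BackupPath = ".\${DomainName}-federation-backup.xml"
)

$ErrorActionPreference = 'Stop'
Connect-MsolService   # interactive sign-in as the tenant admin account

# Pre-check: only act on a domain that is actually federated.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne 'Federated') {
    Write-Host "$DomainName is already '$($domain.Authentication)'; nothing to change."
    return
}

# Record where sign-ins are currently redirected before touching anything.
$settings = Get-MsolDomainFederationSettings -DomainName $DomainName
$settings | Export-Clixml -Path $BackupPath
Write-Host "Current sign-in endpoint: $($settings.PassiveLogOnUri)"
Write-Host "Federation settings saved to $BackupPath"

# Users of this domain sign in with cloud passwords after the change,
# so require an explicit confirmation.
$answer = Read-Host "Type the domain name to convert it to Managed"
if ($answer -ne $DomainName) {
    Write-Host "Confirmation did not match; no change made."
    return
}

Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed

# Post-check: the cmdlet can take a while on larger tenants, so poll.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 15
    $state = (Get-MsolDomain -DomainName $DomainName).Authentication
    Write-Host "Authentication is now: $state"
} until ($state -eq 'Managed' -or (Get-Date) -gt $deadline)

if ($state -ne 'Managed') {
    throw "$DomainName still reports '$state'; do not remove the domain yet."
}
Write-Host "$DomainName is Managed and can be removed from this tenant."
```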

Thank you so much! I've been going in circles for days with GoDaddy because I had the exact same issue where I tried to begin reselling M365 accounts (I initially bought my domain and M365 accounts through GoDaddy... big mistake!) and couldn't even begin to do so because every time I clicked on the admin link provided by Pax8 (my reseller), it would automatically redirect to the GoDaddy SSO...
