What to expect when Yammer SSO and Dsync stop working on December 1, 2016


As previously announced, Yammer's single sign-on (SSO) and directory sync (DSync) tools will stop working on December 1, 2016. You will have to replace these tools by Office 365 sign-in and Azure Active Directory Connect (Azure AD Connect). Setting up the new tools can be time-consuming, but transitioning to Office 365 identity enables your users to access all Office 365 services by using only one identity and therefore it tightens security and makes user management easier.

What to do on December 1

The following table explains how these changes will affect your Yammer users and your responsibilities as an admin. The table also contains some steps to follow to make sure that your organization's work isn't interrupted after December 1, 2016.

Yammer tool

Expected changes on December 1

Impact on Yammer users

Impact on Yammer admin

Yammer SSO

Yammer will no longer send your users directly to authenticate at the Identity Provider configured for Yammer SSO.

Any user who has an actively used Azure Active directory account (Office 365 identity is managed by Azure AD) will be prompted to log in to Yammer with that account, the same as when they access other Office 365 services.

Anyone who doesn't have an actively used Azure AD account will be prompted to log in with a username (their email address) and password. This is called Yammer identity. If the user has forgotten his or her password or has only used Yammer SSO, the user must reset it by selecting forgot password on the sign-in prompt.

People who leave your organization may maintain access to Yammer since they will not be automatically suspended in Yammer after being removed from your Active Directory.

Office 365 identity may require users to use a different Identity Provider (STS) from that used for Yammer SSO. As a result, users may need to authenticate to Yammer differently and also require multi-factor authentication (MFA).

Yammer Embed instances should be tested with Internet Explorer to evaluate whether changes are required to zones.

Yammer DSync

Updates from your Active Directory will stop syncing to Yammer. This includes user additions, profile updates, and most importantly user suspensions.

People who leave your organization may maintain access to Yammer since users will not be automatically suspended in Yammer after being removed from your Active Directory.

The user identity is now controlled by Office 365 and syncs from on-premises occur through Azure AD Connect. For more information, see Manage Yammer users across their life cycle from Office 365

In situations where Office 365 identity is not enforced, admins must manually perform some user management tasks in Yammer. This is less effective than the integrated solution.

Steps for setting up directory synchronization and/or SSO in Office 365

Every organization's setup is different and may have complex configurations; however, here are the most common steps to setting up SSO for Office 365:

  1. If you have not already, get an Office 365 subscription. See also How to audit Yammer users in networks connected to Office 365, and Manage Yammer user licenses in Office 365.

  2. Make sure that all of your Yammer users have Office 365 accounts managed in the Azure Active Directory, and that they are able to log in to their accounts. Install Azure Active Directory Connect custom set up to set up directory synchronization or SSO.

  3. Next, make sure that federated identity is configured with Azure Active Directory in the same way you have it set up with Yammer SSO. See Understanding Office 365 Identity and Azure Active Directory for more information.

  4. Assign Office 365 licenses so that users can see the Yammer tile in the App Launcher and other Yammer features within Office 365, but are not strictly required to allow users to sign in with Office 365 identity

  5. Enforce Office 365 Identity in Yammer, and then log out all users. To enforce Office 365 Identity, sign into Yammer's admin dashboard by using Office 365 global admin credentials, and go to the Security Settings page under Content and Security. You should only take this step if all of your Yammer users have been added to the Azure AD and can authenticate into their Azure AD accounts; otherwise, you'll prevent login for your users who do not have access to the tenant.

How to request an extension if you have a complex configuration

Some customers have run into delays and complex configurations that make it impossible to replace Yammer SSO or DSync by the deadline on December 1, 2016. If your organization is facing any complications ,then you may request an extension for a March 6, 2017 deadline.

The following are some examples of complex configurations:

  • Customers who require long-lived authentication sessions (where a user continues to be logged in to Yammer on a browser even when the browser is closed and reopened) for interoperability due to how Yammer is embedded in their internal web portals. Customers that have escalated this concern and opened support cases will continue to get updates on the solution.

  • Phased rollout of Azure AD authentication is necessary to match your current Yammer SSO configuration—one that allows users to log in with only one user identifier (even if your directory has UPNs that are different from your users' email addresses) and requires UPN as the user identifier for your on-premises federated authentication endpoint.

  • You need more time to create Azure AD accounts for all or many of your Yammer users.

To request an extension

  • Open a severity C service request (case) with Microsoft Support today that clearly states you wish to have an extension for Yammer SSO or DSync. You must do this by December 1, 2016 to avoid disruption.

    Once the service request is processed you will have an extension, and there will be no further follow up or action required.

    Microsoft Support can also answer technical questions related to the transition from Yammer SSO or DSync, but you should create a separate support case for these questions.

See Also

Plan for Yammer SSO and DSync deprecation

Federated identity

Office 365 sign-in for Yammer

Sign in to Office 365

Expand your skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.