Enforce Office 365 identity for Yammer users

As Yammer becomes a core service for your organization, you'll want users to be able to log into it seamlessly, just like any other Office 365 service. Additionally, you'll probably want to maintain a single identity for all Office 365 users for easier user management. You can achieve both of these goals by enforcing Office 365 identity in Yammer. By enforcing Office 365 identity in Yammer and configurating federated identity for Office 365, admins can achieve single sign-on (SSO) capabilities for all services in Office 365, including Yammer.

How enforcing Office 365 identities in Yammer works

The following flowchart shows what happens when a user logs in to Yammer.

Below is the user's login experience when Office 365 identity is and is not enforced for Yammer:

1. A user tries to login to Yammer, and is presented with a login dialog box.

2. The user enters his or her email address.

3. When Office 365 identity is enforced, the user is prompted to login with his/her Office 365 identity. If the customer has implemented the federated identity model in Office 365, the user will log in with single-sign-on.

4. When Office 365 identity is not enforced (this is the default setting), if there is an Office 365 account corresponding to the user's email address, the user is prompted to log in with his or her Office 365 identity.

5. When Office 365 identity is not enforced (this is the default setting), if there is no Office 365 account corresponding to the user's email address, the user is prompted to log in with his or her Yammer identity (email and password)

The following table compares the user login behavior when Office 365 Identity is enforced or not enforced. Note that Office 365 identity is not enforced by default.

Is Office 365 identity enforced?	Is there an Office 365 account for that user's email address?	What happens when the user logs in:
Yes	Yes	The user is prompted to log in with his or her Office 365 identity.
No	Yes	The user is prompted to log in with his or her Office 365 identity.
No	No	The user is prompted to login with his or her Yammer identity (email and password).

Start enforcing Office 365 identity in Yammer

It takes just a few steps to start enforcing Office 365 identities in Yammer. However, turning this setting on can accidentally disrupt users' access to Yammer. So before you begin, do the following to make sure your Yammer users can continue working smoothly:

• Make sure all current Yammer users have a corresponding Office 365 identity.    When you enforce Office 365 identities for Yammer, any user without a corresponding Office 365 identity will be locked out of Yammer. So before you begin, make sure that all of your current Yammer users have corresponding Office 365 identities. One method to check this is to go to the Export Users page in Yammer and export all users. Then compare that list to the list of users in Office 365 and make any changes required.

• Tell your users about this change.    We strongly recommend that you tell users that you are switching to enforce Office 365 identities, because it can disrupt their day to day usage of Yammer. We have provided a sample email you can use in the settings below.

You must be a global administrator on Office 365 who was synchronized to Yammer as a Verified Admin to perform these steps. To check if your account was synchronized, you can go to the Network Admin page on Yammer and check the Admins section. Global administrators will sync to Yammer only if their user principal name (UPN) in Office 365 matches a domain on Yammer. The following screenshot shows what a synced admin looks like on the Admins page in Yammer.

If you are ready to enforce Office 365 identity in Yammer, follow the steps below.

To start enforcing Office 365 identity in Yammer

1. In Yammer, go to the Network Admin section, and choose Security Settings.

2. In the Security Settings page, go to the Enforce Office 365 Identity section and select the Enforce Office 365 identity checkbox.

   This setting will override any existing Yammer single sign-on (SSO) configuration that was previously done. You do not need to explicitly turn off Yammer SSO before enforcing Office 365 identity. You must be both a Yammer verified administrator and an Office 365 global administrator to see this section.

   

3. You see a confirmation message that asks if you are ready to start enforcing Office 365 identity.

   

4. The confirmation message shows the number of active users on the Yammer network. Make sure all the current Yammer users have corresponding Office 365 identities.

5. If you want, you can automatically log out all current users, so that you can be sure that everyone using the Yammer service has logged in with their Office 365 identities. If you want to do this, select the Log out all current users checkbox.

6. If you want to see a message template that you can use to communicate this change to your users, choose View Example.

   

   The sample text is:

   Dear Yammer user,

   As Yammer becomes a core service for our organization, we want you to access it seamlessly, just like any other Office 365 service. To ensure this, starting immediately, we require all users to login to Yammer with their Office 365 identity. We know this may cause some short term inconvenience, but this change will enable us to maintain one identity to access all of the Office 365 services, including Yammer.

   Your friendly administrator

7. If you are ready to start enforcing this setting, select Yes, I am ready to confirm your choice. This returns you to the Security Settings page where the Enforce Office 365 identity in Yammer checkbox is now selected.

   Note: You can also choose to select Block Office 365 users without Yammer licences to ensure that only users with Yammer licenses can login to Yammer..

8. Choose Save to save all your settings on the page.

   If you don't choose Save but instead navigate away from the page, your settings will not take effect.

Stop enforcing Office 365 identity in Yammer

When you stop enforcing Office 365 identities in Yammer:

• Any users who were already logging into Yammer with their Office 365 identities will be unaffected by this change.

• If your network had Yammer SSO configured, that configuration will again apply to your network. If you want to continue using SSO, verify your SSO settings.

• If your network did not have Yammer SSO configured, users can join your network by signing up with their work email and verifying it.

If you no longer want to enforce Office 365 identities, you can follow the steps below to stop. You must be both a Yammer verified admin and an Office 365 global administrator to perform these steps.

To stop enforcing Office 365 identity in Yammer

1. In Yammer, go to the Network Admin section, and choose Security Settings.

2. In the Security Settings page, go to the Enforce Office 365 Identity section and clear the Enforce Office 365 identity checkbox.

   You see a confirmation message so you can verify that you are ready to stop enforcing Office 365 identity.

   

3. Select Yes, I am ready to confirm your choice.

   This returns you to the Security Settings page where the Enforce Office 365 identity in Yammer checkbox is now cleared.

4. Choose Save to save all your settings on the page.

   If you don't choose Save but instead navigate away from the page, your settings will not take effect.

FAQ

Q: How will this change impact guest and external users?

A: Guests and external users will continue to follow the login settings and requirements of their home network, and will be unaffected. This is the same behavior Yammer SSO followed.

Q: How long does it take for this setting to be applied?

A: Enforce Office 365 Identity is applied immediately after the setting is set.

Q: We use the same ADFS configuration in Yammer and Office 365. Should we log users out during the transition?

A: Yes. Logout ensures all users logged in after that are connected to their Office 365 identity, which connects users for user lifecycle management from Office 365 and also provides a consistent experience for them, with things like Office 365 suite navigation.

Q: What is the experience for users being logged-out when enforcing Office 365 identities?

A: Users will be logged out of their web and mobile sessions immediately and will be required to login in all their devices and browser sessions again, this time using their Office 365 identity configuration and credentials.

Q: How can I audit and clean up Yammer users when compared to Office 365 and Azure AD?

A: You can audit Yammer users in networks connected to Office 365 and take appropriate actions based on it. See more information and examples in How to audit Yammer users in networks connected to Office 365.