How To Set Up ADFS for Office 365 for Single Sign-On

Active Directory Federation Services (ADFS) is a software component developed by Microsoft to provide Single Sign-On (SSO) authorization to users on Windows Server Operating Systems (WSOS). ADFS allows users across organizational boundaries to access applications on Windows Server Operating Systems using a single set of login credentials.

ADFS uses the claims-based access control authorization model to ensure security across applications using federated identity. Claims-based authentication is a process in which a user is identified by a set of claims associated with their identity.

Step 1: Install Active Directory Federation Services

Add Active Directory Federation Services (ADFS) by using the Add Roles and Features Wizard.

Notes for ADFS 2.0


If you're using Windows Server 2008, you must download and install ADFS 2.0 to be able to work with Office 365. You can obtain ADFS 2.0 from the following Microsoft Download Center website:

Active Directory Federation Services 2.0 RTW

After the installation, use Windows Update to download and install all pending updates.

Step 2: Request a certificate from a third-party certification authority (CA) for the Federation server name


Office 365 requires a trusted certificate on your Active Directory Federation Services (ADFS) server. Therefore, you must obtain a certificate from a third-party certification authority (CA).

When you customize the certificate request, make sure that you add the Federation server name in the Common name field.

In this video, we explain only how to generate a certificate signing request (CSR). You must send the CSR file to a third-party certification authority (CA). The CA will return a signed certificate to you. Then, follow these steps to import the certificate into your computer certificate store:

1. Run Certlm.msc and open the local computer's certificate store.
2. In the navigation pane, expand Personal, expand Certificates, right-click the Certificates folder, then click Import.

About the Federation server name

The Federation Service name is the Internet-facing name of your ADFS server. Office 365 users will be redirected to this domain for authentication. Therefore, make sure that you add a public A record for the name.

Step 3: Configure ADFS

You cannot manually specify a name as the Federation server name. The name is determined by the subject name (Common name) of a certificate in the local computer's certificate store.

Notes for ADFS 2.0


In ADFS 2.0, the Federation server name is determined by the certificate that is bound to "Default Web Site" in Internet Information Services (IIS). You must bind the new certificate to the Default Web Site before you configure Active Directory Federation Services (ADFS).

You can use any account as the service account. If the service account's password expires, ADFS will stop working. Therefore, make sure that the password of the account is set to never expire.
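The following pre-flight check is an added example, not part of the original page. It covers the three prerequisites described in Steps 2 and 3: a certificate whose Common name is the Federation server name in the local computer's store, a public A record for that name, and a service account whose password does not expire. The values `sts.company.com`, `svc-adfs` and the resolver address are assumptions to replace; the last check needs the ActiveDirectory module.

```powershell
# Added example: pre-flight checks before configuring ADFS (Steps 2 and 3).
# All three values below are placeholders (assumptions); replace them.
$FederationName = 'sts.company.com'   # Federation server name = certificate Common name
$ServiceAccount = 'svc-adfs'          # sAMAccountName of the ADFS service account
$PublicResolver = '1.1.1.1'           # any resolver outside your network

# 1. Certificates in the local computer's Personal store whose CN matches the name.
$now   = Get-Date
$type  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$certs = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo($type, $false) -eq $FederationName }
if (-not $certs) {
    Write-Warning "No certificate with CN=$FederationName in Cert:\LocalMachine\My"
}
foreach ($c in $certs) {
    [pscustomobject]@{
        Thumbprint    = $c.Thumbprint
        Issuer        = $c.Issuer
        NotAfter      = $c.NotAfter
        HasPrivateKey = $c.HasPrivateKey   # must be True for ADFS to use the certificate
        ValidNow      = ($c.NotBefore -le $now -and $c.NotAfter -ge $now)
        ChainTrusted  = $c.Verify()        # chain check against this machine's trust store
    }
}

# 2. Public A record for the Federation server name, asked of an outside resolver.
$a = Resolve-DnsName -Name $FederationName -Type A -Server $PublicResolver `
        -DnsOnly -ErrorAction SilentlyContinue |
     Where-Object { $_.Type -eq 'A' }
if ($a) {
    $a | Select-Object Name, IPAddress
} else {
    Write-Warning "No public A record found for $FederationName"
}

# 3. Service account password state (ActiveDirectory module required).
Get-ADUser -Identity $ServiceAccount `
        -Properties PasswordNeverExpires, PasswordExpired, PasswordLastSet |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires,
                  PasswordExpired, PasswordLastSet
```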

Step 4: Download Office 365 tools

Windows Azure Active Directory Module (WAADM) for Windows PowerShell and the Azure Active Directory sync appliance are available in the Office 365 portal. To obtain the tools, click Active Users, then click Single sign-on: Set up.

Step 5: Add your domain to Office 365

The video doesn't explain how to add and verify your domain in Office 365. For more information about that procedure, see Verify your domain in Office 365.

Step 6: Connect ADFS to Office 365

To connect ADFS to Office 365, run the following commands in Windows Azure Active Directory Module for Windows PowerShell.

Note: In the Set-MsolADFSContext command, specify the FQDN of the ADFS server in your internal domain instead of the Federation server name.

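    # Enable PowerShell remoting
    Enable-PSRemoting
    # Sign in to Office 365 (prompts for credentials)
    Connect-MsolService
    # Point the module at the ADFS server by its internal FQDN, not the Federation server name
    Set-MsolADFSContext -Computer <internal FQDN of the ADFS server>
    # Convert the domain added in Step 5 to federated authentication
    Convert-MsolDomainToFederated -DomainName <domain added to Office 365>
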
If the commands run successfully, you should see the following:

A "Microsoft Office 365 Identity Platform" Relying Party Trust is added to your Active Directory Federation Services (ADFS) server.
Users who use the custom domain name as an email address suffix to log in to the Office 365 portal are redirected to your ADFS server.
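Both outcomes can be confirmed from PowerShell instead of by eye. This is an added example, not part of the original page; it assumes it is run on the ADFS server (Windows Server 2012 or later, where the ADFS cmdlets are a module) with the MSOnline module installed, and `company.com` and `sts.company.com` are placeholder values.

```powershell
# Added example: verify the result of Step 6.
# Placeholder values (assumptions); replace with your own.
$Domain         = 'company.com'        # domain converted to federated in Step 6
$FederationName = 'sts.company.com'    # Federation server name (certificate Common name)

# 1. The Relying Party Trust that the conversion creates on the ADFS server.
$rp = Get-AdfsRelyingPartyTrust -Name 'Microsoft Office 365 Identity Platform'
if ($rp) {
    $rp | Select-Object Name, Enabled, Identifier
} else {
    Write-Warning 'Relying Party Trust not found on this ADFS server.'
}

# 2. The domain's authentication type as Office 365 sees it.
Connect-MsolService
$d = Get-MsolDomain -DomainName $Domain
if ($d.Authentication -ne 'Federated') {
    Write-Warning "$Domain is '$($d.Authentication)', expected 'Federated'."
}

# 3. Where Office 365 redirects users of this domain to sign in.
#    The host in PassiveLogOnUri should be your Federation server name and nothing else.
$fed = Get-MsolDomainFederationSettings -DomainName $Domain
if ($fed) {
    $redirectHost = ([uri]$fed.PassiveLogOnUri).Host
    [pscustomobject]@{
        Domain           = $Domain
        IssuerUri        = $fed.IssuerUri
        PassiveLogOnUri  = $fed.PassiveLogOnUri
        RedirectsToAdfs  = ($redirectHost -eq $FederationName)
    }
} else {
    Write-Warning "No federation settings returned for $Domain"
}
```

Re-running the third check periodically is a cheap way to notice an unexpected change to the sign-in redirect target or issuer for the domain.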

Step 7: Sync local Active Directory user to Office 365

If your internal domain name differs from the external domain name that's used as an email address suffix, you have to add the external domain name as an alternative UPN suffix in the local Active Directory domain. For example, the internal domain name is "company.local" but the external domain name is "company.com." In this situation, you have to add "company.com" as an alternative UPN suffix.

Sync the user accounts to Office 365 by using the Directory Sync Tool (DST).

Notes for ADFS 2.0


If you're using ADFS 2.0, you must change the UPN of the user account from "company.local" to "company.com" before you sync the account to Office 365. Otherwise, the user will not be validated on the ADFS server.
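The UPN work in this step can be scripted with the ActiveDirectory module. This is an added example, not part of the original page: it adds the alternative UPN suffix to the forest and then previews the UPN change for accounts still on the internal suffix. The suffixes are the page's own example values; the search base is an assumption. The script only previews changes until `-WhatIf` is removed.

```powershell
# Added example: add the alternative UPN suffix and preview the UPN change (Step 7).
Import-Module ActiveDirectory

$OldSuffix  = 'company.local'                  # internal domain name (page's example)
$NewSuffix  = 'company.com'                    # external name used as email suffix
$SearchBase = 'OU=Staff,DC=company,DC=local'   # assumed OU; replace with your own

# 1. Add the external name as an alternative UPN suffix if it is not already present.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $NewSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $NewSuffix }
}

# 2. Find accounts whose UPN still ends in the internal suffix.
$users = Get-ADUser -Filter "UserPrincipalName -like '*@$OldSuffix'" -SearchBase $SearchBase

foreach ($u in $users) {
    # Replace only the suffix at the end of the UPN.
    $pattern = [regex]::Escape("@$OldSuffix") + '$'
    $newUpn  = $u.UserPrincipalName -replace $pattern, "@$NewSuffix"

    # Skip if another account already owns the target UPN (UPNs must be unique).
    $escaped = $newUpn.Replace("'", "''")      # quote-safe value for the AD filter
    $clash   = Get-ADUser -Filter "UserPrincipalName -eq '$escaped'"
    if ($clash) {
        Write-Warning "$newUpn already used by $($clash.SamAccountName); skipping $($u.SamAccountName)"
        continue
    }

    # -WhatIf prints the intended change without applying it; remove it to commit.
    Set-ADUser -Identity $u -UserPrincipalName $newUpn -WhatIf
}
```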

Step 8: Configure the client Desktop for Single Sign-On

After you add the Federation server name to the local intranet zone in Internet Explorer, NTLM authentication is used when users try to authenticate on the ADFS server. Therefore, they're not prompted to enter their credentials.

Administrators can implement Group Policy settings to configure a Single Sign-On solution on client computers that are joined to the domain.

