When you setup ADFS for your domain, you can use Single-Sign-On (SSO) for user authentication. It lets your users access corporate applications/resources like Office 365 with his/her network credentials. If they are using domain-joined computer, they sign-in automatically without having to provide user credentials at all. This magic happens after you federate the domain with Azure AD or Office 365. To do so, follow the below steps.
Prerequisites - You'd need Azure AD Module for PowerShell installed on your primary ADFS server. You will need to provide Global Admin account's username and password when prompted for credential.
Go to your Primary ADFS Server and connect to your Azure AD Tenant.
- On the Primary ADFS server, open an Administrator PowerShell window and import the MSOnline module
Import-Module MSOnline
- Connect to your Azure AD Tenant
Connect-MSOLService
Sign in with a Global Admin account in the credential pop-up
- Once you are connected to your Azure AD Tenant, let’s make sure your domain is currently recognized as a “Managed” domain.
Get-MsolDomain -Domainname
4. Run the command to convert your domain.
Convert-MsolDomainToFederated -DomainName <domain.com> -SupportMultipleDomain
5. Run the following PowerShell cmdlet to confirm the domain is converted:
If you see the Authentication is set to Federated, you should start observing Single-Sign-On in a few minutes. When you sign in to Office 365, it’ll start redirecting you to your ADFS sign-on page.
0 comments:
I welcome you to write your comments here..